From 50367ca7eb83f8f00caf2f606c42ccad51664f1c Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Mon, 12 Feb 2024 20:05:56 +0100 Subject: [PATCH 001/209] add(tooling): Add disktype label on kind nodes (#1316) the goal is to ease the CI migration from `kubeval` to `kubeconform` introduced by the PR #1199 --- .github/kind_config.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/kind_config.yaml b/.github/kind_config.yaml index 752e993cd..4a421438a 100644 --- a/.github/kind_config.yaml +++ b/.github/kind_config.yaml @@ -2,5 +2,11 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane + labels: + disktype: ssd - role: worker + labels: + disktype: ssd - role: worker + labels: + disktype: ssd From e099df6439c87b52e18908920652779f6704d718 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Mon, 12 Feb 2024 22:25:41 +0100 Subject: [PATCH 002/209] fix(tooling): add config file path in helm/kind-action (#1317) --- .github/kind_config.yaml | 16 +++++++--------- .github/workflows/ci.yaml | 2 ++ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/kind_config.yaml b/.github/kind_config.yaml index 4a421438a..fc38ce068 100644 --- a/.github/kind_config.yaml +++ b/.github/kind_config.yaml @@ -1,12 +1,10 @@ +--- kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: -- role: control-plane - labels: - disktype: ssd -- role: worker - labels: - disktype: ssd -- role: worker - labels: - disktype: ssd + - role: control-plane + labels: + disktype: ssd + - role: worker + labels: + disktype: ssd diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c842ec95e..fddde5673 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -104,6 +104,7 @@ jobs: install-chart: name: install-chart runs-on: ubuntu-20.04 + timeout-minutes: 60 needs: - lint-chart - kubeval-chart @@ -124,6 +125,7 @@ jobs: uses: helm/kind-action@v1.5.0 with: node_image: kindest/node:${{ matrix.k8s }} + config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: python-version: 3.7 From 2e320f75d1dcba04e8f778efc65222a989cbe623 Mon Sep 17 00:00:00 2001 From: Will Yardley Date: Tue, 13 Feb 2024 00:27:32 -0800 Subject: [PATCH 003/209] ci: switch from kubeval to kubeconform (#1199) - Switch from kubeval, which is unmaintained and outdated, to kubeconform - Update kubernetes versions in test matrices - Use upstream schema for CRDs, so we don't have to ignore missing schemas in validation - Switch away from deprecated output https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ - Switch CI nodeSelector examples to use disktype: ssd to avoid creating duplicates with baked in os defaults --------- Co-authored-by: Cedric Lamoriniere --- .github/kubeconform.sh | 38 +++++++++++++++++++ .github/kubeval.sh | 24 ------------ .github/workflows/ci.yaml | 26 +++++++------ .gitignore | 2 +- charts/datadog-crds/CHANGELOG.md | 3 ++ charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 charts/datadog-operator/CHANGELOG.md | 4 ++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 charts/datadog/CHANGELOG.md | 6 ++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 6 +-- charts/extended-daemon-set/CHANGELOG.md | 4 ++ charts/extended-daemon-set/Chart.yaml | 2 +- charts/extended-daemon-set/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 .../CHANGELOG.md | 4 ++ .../observability-pipelines-worker/Chart.yaml | 2 +- .../observability-pipelines-worker/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 .../synthetics-private-location/CHANGELOG.md | 4 ++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 2 +- ...al-values.yaml => kubeconform-values.yaml} | 0 28 files changed, 92 insertions(+), 53 deletions(-) create mode 100755 .github/kubeconform.sh delete mode 100755 .github/kubeval.sh rename charts/datadog-crds/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/datadog-operator/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/datadog/ci/{kubeval-values.yaml => kubeconform-values.yaml} (93%) rename charts/extended-daemon-set/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/observability-pipelines-worker/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) rename charts/synthetics-private-location/ci/{kubeval-values.yaml => kubeconform-values.yaml} (100%) diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh new file mode 100755 index 000000000..872c011d3 --- /dev/null +++ b/.github/kubeconform.sh @@ -0,0 +1,38 @@ +#!/bin/bash +set -euo pipefail + +KUBECONFORM_VERSION="v0.6.4" +# https://github.com/yannh/kubeconform/issues/51 +CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" +# Remove after v1.16 support / testing is dropped +LEGACY_SCHEMA_URL="https://github.com/instrumenta/kubernetes-json-schema" +OS=$(uname) + +CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} +if [ -n "$CHANGED_CHARTS" ]; +then + CHART_DIRS=$CHANGED_CHARTS +else + CHART_DIRS=$(ls -d charts/*) +fi + +# install kubeconform +curl --silent --show-error --fail --location --output /tmp/kubeconform.tar.gz "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz" +tar -xf /tmp/kubeconform.tar.gz kubeconform + +# validate charts +for CHART_DIR in ${CHART_DIRS}; do + echo "Running kubeconform for folder: '$CHART_DIR'" + + # Note: -ignore-missing-schemas could be added if needed, but not currently + # needed since we have the schema necessary to validate the CRDs themselves. + # + # Also, if at some point we needed to validate things _using_ these CRDs, + # they're available via + # https://github.com/datreeio/CRDs-catalog/tree/main/datadoghq.com + helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" \ + --values "${CHART_DIR}/ci/kubeconform-values.yaml" "${CHART_DIR}" \ + | ./kubeconform -strict -schema-location default -schema-location "$CRD_SPEC_URL" \ + -schema-location $LEGACY_SCHEMA_URL -output pretty \ + -verbose -kubernetes-version "${KUBERNETES_VERSION#v}" - +done diff --git a/.github/kubeval.sh b/.github/kubeval.sh deleted file mode 100755 index 181f7c84c..000000000 --- a/.github/kubeval.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -set -euo pipefail - -KUBEVAL_VERSION="v0.16.1" -SCHEMA_LOCATION="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" -OS=$(uname) - -CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} -if [ -n "$CHANGED_CHARTS" ]; -then - CHART_DIRS=$CHANGED_CHARTS -else - CHART_DIRS=$(ls -d charts/*) -fi - -# install kubeval -curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz "https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-${OS}-amd64.tar.gz" -tar -xf /tmp/kubeval.tar.gz kubeval - -# validate charts -for CHART_DIR in ${CHART_DIRS}; do - echo "Running kubeval for folder: '$CHART_DIR'" - helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" --values "${CHART_DIR}"/ci/kubeval-values.yaml "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" -done diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fddde5673..d6a4f786a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,9 @@ jobs: if [[ -n "$changed" ]]; then echo -n "Charts changed:" echo "$changed" - echo "::set-output name=changed::$changed" + echo "changed<> $GITHUB_OUTPUT + echo "$changed" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT else echo "PR without any chart changes - failing" exit 1 @@ -68,7 +70,7 @@ jobs: - name: Run helm-docs run: .github/helm-docs.sh - kubeval-chart: + kubeconform-chart: runs-on: ubuntu-latest needs: - changed @@ -80,12 +82,12 @@ jobs: # https://github.com/instrumenta/kubernetes-json-schema is no # longer updated k8s: - # - v1.14.10 (deprecated with kind 1.16) - - v1.16.15 + - v1.16.4 - v1.18.20 - - v1.22.9 - - v1.24.2 - # v1.25.2 (when agent 7.40 is out) + - v1.22.17 + - v1.24.17 + - v1.25.16 + - v1.26.13 steps: - name: Checkout uses: actions/checkout@v3 @@ -95,11 +97,11 @@ jobs: run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Add KSM helm repo run: helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - - name: Run kubeval + - name: Run kubeconform env: KUBERNETES_VERSION: ${{ matrix.k8s }} CHANGED_CHARTS: ${{needs.changed.outputs.charts}} - run: .github/kubeval.sh + run: .github/kubeconform.sh install-chart: name: install-chart @@ -107,15 +109,15 @@ jobs: timeout-minutes: 60 needs: - lint-chart - - kubeval-chart + - kubeconform-chart strategy: matrix: k8s: - - v1.16.15 - v1.18.20 - v1.22.9 - v1.24.2 - - v1.25.2 + - v1.25.16 + - v1.26.13 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.gitignore b/.gitignore index 9f0bb268c..089390f06 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ charts/*/charts helm-docs -kubeval +kubeconform .idea vendor/ .vscode diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 3e4c23ef8..b47bfbc6a 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.3.1 +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.3.0 * Update CRDs from Datadog Operator v1.3.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 416ef901b..ec19ee5e7 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.3.0 +version: 1.3.1 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 40d5ee6d0..8a0149622 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/ci/kubeval-values.yaml b/charts/datadog-crds/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-crds/ci/kubeval-values.yaml rename to charts/datadog-crds/ci/kubeconform-values.yaml diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 06d1f6fd5..1468c4e69 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.4.2 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.4.1 * Add configuration for Operator flag `datadogSLOEnabled` : this parameter is used to enable the Datadog SLO Controller. It is disabled by default. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 67efc918e..8ddcf6bc8 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.4.1 +version: 1.4.2 appVersion: 1.3.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 0e9d28def..2df990a9f 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.4.1](https://img.shields.io/badge/Version-1.4.1-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 1.4.2](https://img.shields.io/badge/Version-1.4.2-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/ci/kubeval-values.yaml b/charts/datadog-operator/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-operator/ci/kubeval-values.yaml rename to charts/datadog-operator/ci/kubeconform-values.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b3d4fa869..645f41a1d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,12 +1,16 @@ # Datadog changelog +## 3.54.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 3.53.3 * Update `fips.image.tag` to `1.1.1` ## 3.53.2 -* Exclude agent pod from labels injection from the admission controller +* Exclude agent pod from labels injection from the admission controller. ## 3.53.1 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 61ed41284..8a811cd17 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.53.3 +version: 3.54.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 450c918b1..d1fae80ee 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.3](https://img.shields.io/badge/Version-3.53.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.54.1](https://img.shields.io/badge/Version-3.54.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/ci/kubeval-values.yaml b/charts/datadog/ci/kubeconform-values.yaml similarity index 93% rename from charts/datadog/ci/kubeval-values.yaml rename to charts/datadog/ci/kubeconform-values.yaml index 162127c79..5fb292aef 100644 --- a/charts/datadog/ci/kubeval-values.yaml +++ b/charts/datadog/ci/kubeconform-values.yaml @@ -36,7 +36,7 @@ clusterAgent: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd metricsProvider: enabled: false admissionController: @@ -46,10 +46,10 @@ clusterChecksRunner: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd agents: nodeSelector: - kubernetes.io/os: linux + disktype: ssd podSecurity: podSecurityPolicy: create: true diff --git a/charts/extended-daemon-set/CHANGELOG.md b/charts/extended-daemon-set/CHANGELOG.md index e4b46d670..a5242cee5 100644 --- a/charts/extended-daemon-set/CHANGELOG.md +++ b/charts/extended-daemon-set/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.3.0 * Updated for EDS 0.8.0. diff --git a/charts/extended-daemon-set/Chart.yaml b/charts/extended-daemon-set/Chart.yaml index 4be6b294d..b8cc49934 100644 --- a/charts/extended-daemon-set/Chart.yaml +++ b/charts/extended-daemon-set/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v0.8.0 description: Extended Daemonset Controller name: extendeddaemonset -version: v0.3.0 +version: v0.3.1 keywords: - monitoring - alerting diff --git a/charts/extended-daemon-set/README.md b/charts/extended-daemon-set/README.md index fe0c4a05d..26b39da47 100644 --- a/charts/extended-daemon-set/README.md +++ b/charts/extended-daemon-set/README.md @@ -1,6 +1,6 @@ # Extended DaemonSet -![Version: v0.3.0](https://img.shields.io/badge/Version-v0.3.0-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) +![Version: v0.3.1](https://img.shields.io/badge/Version-v0.3.1-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) This chart installs the Extended DaemonSet (EDS). It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. diff --git a/charts/extended-daemon-set/ci/kubeval-values.yaml b/charts/extended-daemon-set/ci/kubeconform-values.yaml similarity index 100% rename from charts/extended-daemon-set/ci/kubeval-values.yaml rename to charts/extended-daemon-set/ci/kubeconform-values.yaml diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 6021faef1..ea0c2d35a 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.8.0 * Official image `1.8.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index fa6f7a36f..592df157c 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.8.0" +version: "1.8.1" description: Observability Pipelines Worker type: application keywords: diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 5b82ccaf1..cc45ada43 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## How to use Datadog Helm repository diff --git a/charts/observability-pipelines-worker/ci/kubeval-values.yaml b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml similarity index 100% rename from charts/observability-pipelines-worker/ci/kubeval-values.yaml rename to charts/observability-pipelines-worker/ci/kubeconform-values.yaml diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 49cb64fc2..fd5e381a4 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.26 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.15.25 * Update private location image version to `1.44.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 467126e38..18ce0b289 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.25 +version: 0.15.26 appVersion: 1.44.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 098c16bc2..9224ef930 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.25](https://img.shields.io/badge/Version-0.15.25-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) +![Version: 0.15.26](https://img.shields.io/badge/Version-0.15.26-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). diff --git a/charts/synthetics-private-location/ci/kubeval-values.yaml b/charts/synthetics-private-location/ci/kubeconform-values.yaml similarity index 100% rename from charts/synthetics-private-location/ci/kubeval-values.yaml rename to charts/synthetics-private-location/ci/kubeconform-values.yaml From 8d1dd1f068df7b94e0d03527f073c07aad827394 Mon Sep 17 00:00:00 2001 From: Baptiste Foy Date: Tue, 13 Feb 2024 17:57:01 +0100 Subject: [PATCH 004/209] fix(datadog-agent): Properly set DD_APM_ENABLED in the core agent container (#1310) The `DD_APM_ENABLED` value has always been hardcoded to `false` in the core agent container, leading to situations where APM is indeed enabled and the value of `apm.enabled` is set to false in the core agent and true in the trace agent. This hasn't been an issue until we started reporting the agent configuration to the backend, and to display it in the UI. The agent configuration is reported from the core agent, meaning that customers will see `apm.enabled: false` in the UI even if the trace agent exists. Here we fix this by setting DD_APM_ENABLED to true in the core agent if the trace agent exists or if APM is enabled. The latter should imply the former, but this makes the logic future-proof. --- charts/datadog/CHANGELOG.md | 8 ++++++-- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 645f41a1d..316bf5346 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.54.2 + +* Set `DD_APM_ENABLED` value in the core agent container to properly report its value. + ## 3.54.1 * Migrate from `kubeval` to `kubeconform` for ci chart validation. @@ -90,7 +94,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.2 -* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.1 @@ -147,7 +151,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.42.1 -* Bump FIPS proxy OpenSSL version to 3.0.12 +* Bump FIPS proxy OpenSSL version to 3.0.12 ## 3.42.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8a811cd17..58b79c402 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.54.1 +version: 3.54.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d1fae80ee..4a4038898 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.54.1](https://img.shields.io/badge/Version-3.54.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.54.2](https://img.shields.io/badge/Version-3.54.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index cc71feddd..e1d618a63 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -101,7 +101,7 @@ {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- end }} - name: DD_APM_ENABLED - value: "false" + value: {{ include "should-enable-trace-agent" . | quote }} - name: DD_LOGS_ENABLED value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL From 717dd418472cedca8a27e6f12fc1299c054fd661 Mon Sep 17 00:00:00 2001 From: Celene Date: Thu, 15 Feb 2024 15:00:06 -0500 Subject: [PATCH 005/209] update datadog-crds for operator 1.4.0 (#1322) --- charts/datadog-crds/CHANGELOG.md | 3 ++ charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- .../datadoghq.com_datadogagents_v1.yaml | 42 +++++++++++++++++++ .../datadoghq.com_datadogagents_v1beta1.yaml | 42 +++++++++++++++++++ .../datadoghq.com_datadogmonitors_v1.yaml | 3 ++ ...datadoghq.com_datadogmonitors_v1beta1.yaml | 3 ++ crds/datadoghq.com_datadogagents.yaml | 42 +++++++++++++++++++ crds/datadoghq.com_datadogmonitors.yaml | 3 ++ 9 files changed, 140 insertions(+), 2 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index b47bfbc6a..4df1b2ae0 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.4.0 +* Update CRDs from Datadog Operator v1.4.0 tag. + ## 1.3.1 * Migrate from `kubeval` to `kubeconform` for ci chart validation. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index ec19ee5e7..366d72bb1 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.3.1 +version: 1.4.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 8a0149622..8cf2d9663 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index d54a9d840..a9195ca47 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -6351,6 +6351,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6378,6 +6380,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -8277,6 +8281,44 @@ spec: - ready - upToDate type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic clusterAgent: properties: availableReplicas: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index fd1004c1e..a27df90f4 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -6340,6 +6340,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6367,6 +6369,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -8266,6 +8270,44 @@ spec: - ready - upToDate type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic clusterAgent: properties: availableReplicas: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index fe62dd6b6..be9c6e3f4 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -98,6 +98,9 @@ spec: description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml index a17c7fa58..0f483ae1a 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml @@ -98,6 +98,9 @@ spec: description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index 5e46ad034..81a1e415b 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -6325,6 +6325,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6352,6 +6354,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -8251,6 +8255,44 @@ spec: - ready - upToDate type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic clusterAgent: properties: availableReplicas: diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index a7fdfadc4..682ab8d51 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -92,6 +92,9 @@ spec: description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean From f67c31fb6cd8a9ff0f98bd4d54ac249b918bc7bd Mon Sep 17 00:00:00 2001 From: Celene Date: Fri, 16 Feb 2024 06:58:44 -0500 Subject: [PATCH 006/209] update latest image in datadog-operator chart to 1.4.0 (#1323) * update latest image in datadog-operator chart to 1.4.0 * [integration-test] update number of expected agent pods --- charts/datadog-operator/CHANGELOG.md | 4 ++ charts/datadog-operator/Chart.lock | 6 +-- charts/datadog-operator/Chart.yaml | 6 +-- charts/datadog-operator/README.md | 6 +-- charts/datadog-operator/README.md.gotmpl | 2 +- charts/datadog-operator/values.yaml | 2 +- .../baseline/DatadogAgent_CRD_default.yaml | 44 ++++++++++++++++++- .../DatadogAgent_CRD_with_certManager.yaml | 44 ++++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 6 +-- .../Operator_Deployment_with_certManager.yaml | 6 +-- .../operator_deployment_test.go | 2 +- test/integ/operator_integ_test.go | 2 +- 12 files changed, 109 insertions(+), 21 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 1468c4e69..8780ca9ac 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.5.0 + +* Update Datadog Operator version to 1.4.0. + ## 1.4.2 * Migrate from `kubeval` to `kubeconform` for ci chart validation. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index b6e053faf..6632b4a31 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.3.0 -digest: sha256:c0d897e7b5648db215c1c051fed5a3d431fadb1d92784ed0eb5b0f0f6574821e -generated: "2023-12-11T14:56:49.631017-05:00" + version: 1.4.0 +digest: sha256:051b894b6d03a9a78919a1549b891592cb1aa82e59386c237b93241bdba7054c +generated: "2024-02-15T15:04:10.736131-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 8ddcf6bc8..ce0c44af5 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.4.2 -appVersion: 1.3.0 +version: 1.5.0 +appVersion: 1.4.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.3.0" + version: "=1.4.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 2df990a9f..94d05f939 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.4.2](https://img.shields.io/badge/Version-1.4.2-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) ## Values @@ -30,7 +30,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.3.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.4.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | @@ -120,7 +120,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.3.0 \ + --set image.tag=1.4.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index c21bb39ed..1a869be84 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.3.0 \ + --set image.tag=1.4.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 59101aff9..15ecc5a3c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -43,7 +43,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.3.0 + tag: 1.4.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index e1aefa046..5ffe8dc97 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.3.0' + helm.sh/chart: 'datadogCRDs-1.4.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6330,6 +6330,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6357,6 +6359,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -8256,6 +8260,44 @@ spec: - ready - upToDate type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic clusterAgent: properties: availableReplicas: diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index 2130ebff3..f068d8f7c 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.3.0' + helm.sh/chart: 'datadogCRDs-1.4.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6341,6 +6341,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6368,6 +6370,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -8267,6 +8271,44 @@ spec: - ready - upToDate type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic clusterAgent: properties: availableReplicas: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 3b4bc62ee..f220c91a1 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.1 + helm.sh/chart: datadog-operator-1.5.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.3.0" + image: "gcr.io/datadoghq/operator:1.4.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 6684fe392..7f505dc91 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.1 + helm.sh/chart: datadog-operator-1.5.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.3.0" + image: "gcr.io/datadoghq/operator:1.4.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 45c3d3fa0..9de730c85 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -130,7 +130,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.3.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.4.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") } diff --git a/test/integ/operator_integ_test.go b/test/integ/operator_integ_test.go index 59b3a8031..142213cb1 100644 --- a/test/integ/operator_integ_test.go +++ b/test/integ/operator_integ_test.go @@ -118,7 +118,7 @@ func verifyOperator(t *testing.T, kubectlOptions *k8s.KubectlOptions) { } func verifyAgent(t *testing.T, kubectlOptions *k8s.KubectlOptions) { - verifyNumPodsForSelector(t, kubectlOptions, 2, "agent.datadoghq.com/component=agent") + verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=agent") verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=cluster-agent") verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=cluster-checks-runner") } From 6c78e696c6e9980dca5453d9b1413cb298437b9a Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Mon, 19 Feb 2024 14:16:56 +0100 Subject: [PATCH 007/209] [CONTINT-3688] Enable origin detection from client when origin detection is enabled (#1297) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 316bf5346..3bd991a25 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.55.0 + +* Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. + ## 3.54.2 * Set `DD_APM_ENABLED` value in the core agent container to properly report its value. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 58b79c402..5088a01f6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.54.2 +version: 3.55.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4a4038898..3219fcc43 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.54.2](https://img.shields.io/badge/Version-3.54.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.55.0](https://img.shields.io/badge/Version-3.55.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index e1d618a63..aa17c0cd5 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -73,6 +73,8 @@ {{- if .Values.datadog.dogstatsd.originDetection }} - name: DD_DOGSTATSD_ORIGIN_DETECTION value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION_CLIENT + value: {{ .Values.datadog.dogstatsd.originDetection | quote }} {{- end }} {{- if .Values.datadog.dogstatsd.tagCardinality }} - name: DD_DOGSTATSD_TAG_CARDINALITY From 2edea43dc1bfff5e1935ee49f1972f1a24efb7d7 Mon Sep 17 00:00:00 2001 From: Robin Breathe Date: Mon, 19 Feb 2024 18:31:20 +0100 Subject: [PATCH 008/209] feat: support templated clusterName (#1324) - In order to support templated clusterName, useful in multi-cluster setups, we need to render clusterName as a template variable. --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_components-common-env.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 5 +++-- charts/datadog/templates/agent-clusterchecks-deployment.yaml | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 3bd991a25..49b94370e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.56.0 + +* Allow templating of `datadog.clusterName`. + ## 3.55.0 * Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 5088a01f6..d2502da51 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.55.0 +version: 3.56.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 3219fcc43..d32bd1553 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.55.0](https://img.shields.io/badge/Version-3.55.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.56.0](https://img.shields.io/badge/Version-3.56.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 8ddd83a99..cfd5dc580 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -16,7 +16,7 @@ {{- if .Values.datadog.clusterName }} {{- template "check-cluster-name" . }} - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} + value: {{ tpl .Values.datadog.clusterName . | quote }} {{- end }} {{- if .Values.datadog.tags }} - name: DD_TAGS diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a66fc4e10..9408f0f2b 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -67,11 +67,12 @@ true {{- end -}} {{- define "check-cluster-name" }} -{{- $length := len .Values.datadog.clusterName -}} +{{- $clusterName := tpl .Values.datadog.clusterName . -}} +{{- $length := len $clusterName -}} {{- if (gt $length 80)}} {{- fail "Your `clusterName` isn’t valid it has to be below 81 chars." -}} {{- end}} -{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" .Values.datadog.clusterName) -}} +{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" $clusterName) -}} {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by lowercase letters, numbers, or hyphens, can only end with a with [a-z0-9] and has to be below 80 chars." -}} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 5f036010f..edcbfaf26 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -194,7 +194,7 @@ spec: {{- if .Values.datadog.clusterName }} {{- template "check-cluster-name" . }} - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} + value: {{ tpl .Values.datadog.clusterName . | quote }} {{- end }} {{- include "provider-env" . | nindent 10 }} {{- include "fips-envvar" . | nindent 10 }} From 369ca0ac4965077cf7a23e37835614f146a4cd04 Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Tue, 20 Feb 2024 10:33:54 +0100 Subject: [PATCH 009/209] [datadog] Update agents to 7.51.0 (#1325) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 49b94370e..65d14dc62 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.51.0`. + ## 3.56.0 * Allow templating of `datadog.clusterName`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d2502da51..b44e8fcea 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.56.0 +version: 3.57.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d32bd1553..6a3cd3493 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.56.0](https://img.shields.io/badge/Version-3.56.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.0](https://img.shields.io/badge/Version-3.57.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.50.3"` | Define the Agent version to use | +| agents.image.tag | string | `"7.51.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -574,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.50.3"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.51.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -625,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.50.3"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.51.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index dc79456f2..5f8152c5a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -887,7 +887,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.50.3 + tag: 7.51.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1315,7 +1315,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.50.3 + tag: 7.51.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1783,7 +1783,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.50.3 + tag: 7.51.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 2cc1090f5c6bb4fa7e4648625dec6592bee4bcd6 Mon Sep 17 00:00:00 2001 From: Paul Cacheux Date: Tue, 20 Feb 2024 11:47:29 +0100 Subject: [PATCH 010/209] allow configuring CWS security profile based auto suppression feature and enable it by default (#1315) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/system-probe-configmap.yaml | 2 +- charts/datadog/values.yaml | 4 ++++ 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 65d14dc62..d7a0dda5f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.1 + +* Allow configuring CWS security profile based auto suppression feature and enable it by default. + ## 3.57.0 * Set default `Agent` and `Cluster-Agent` version to `7.51.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b44e8fcea..23f173e03 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.0 +version: 3.57.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6a3cd3493..eee03e8cd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.0](https://img.shields.io/badge/Version-3.57.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.1](https://img.shields.io/badge/Version-3.57.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -785,6 +785,7 @@ helm install \ | datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | | datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | | datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | | datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 233e18fda..55ce1162c 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -73,7 +73,7 @@ data: anomaly_detection: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} auto_suppression: - enabled: false + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled }} {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 5f8152c5a..8f805415a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -783,6 +783,10 @@ datadog: # datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled -- Set to true to enable CWS runtime drift events enabled: true + autoSuppression: + # datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled -- Set to true to enable CWS runtime auto suppression + enabled: true + ## Manage NetworkPolicy networkPolicy: # datadog.networkPolicy.create -- If true, create NetworkPolicy for all the components From 96399e1e442d8eefe5ec6ce469028b04c86af104 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 21 Feb 2024 10:15:21 -0500 Subject: [PATCH 011/209] Enable datadog chart EKS E2E tests in CI (#1320) * test e2e in ci * update e2e tests/bump infra ci image * run on push for testing * update integ tests, remove awscli update, add gh token * debug gh token * debug gh token * debug gh token * run e2e * add ssh key for ci * update tests * cleanup gitlab config * fix baselines * bump packages * test ci * bump runner resources * run on main/merge * add manual run --- .gitlab-ci.yml | 34 +- Makefile | 12 +- test/common/common_e2e.go | 14 +- test/{ => e2e}/datadog/e2e_eks_test.go | 27 +- test/{ => e2e}/datadog/testdatadog_test.go | 0 test/go.mod | 144 +++++---- test/go.sum | 343 ++++++++++++--------- 7 files changed, 338 insertions(+), 236 deletions(-) rename test/{ => e2e}/datadog/e2e_eks_test.go (80%) rename test/{ => e2e}/datadog/testdatadog_test.go (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c9882e344..6a2598a02 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,3 @@ -variables: - # Do not modify this - must be the repository name for Kubernetes gitlab runners to run - KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: helm-charts - stages: - e2e @@ -14,22 +10,32 @@ e2e: - charts/**/*.yaml - test/**/* compare_to: "refs/heads/main" - image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner:986d192b + when: always + - if: $CI_COMMIT_BRANCH != "main" + when: manual + image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner:95dca87f269a tags: ["arch:amd64"] + variables: + AWS_KEYPAIR_NAME: datadog-agent-ci + AWS_PRIVATE_KEY_FILE: $CI_PROJECT_DIR/ssh_key + KUBERNETES_CPU_REQUEST: 2 + KUBERNETES_MEMORY_REQUEST: 4Gi + KUBERNETES_MEMORY_LIMIT: 12Gi before_script: - # Update awscli v2 - - aws --version - - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - - unzip awscliv2.zip - - ./aws/install --update - - aws --version - # Setup AWS Credentials - mkdir -p ~/.aws - set +x + # Set GITHUB_TOKEN to avoid getting rate-limited when pulumi sdk downloads the kubernetes provider + - export GITHUB_TOKEN=$(aws ssm get-parameter --region us-east-1 --name ci.helm-charts.github_token --with-decryption --query "Parameter.Value" --out text) + # Configure AWS EC2 ssh key needed for create pulumi EKS environment + - aws ssm get-parameter --region us-east-1 --name ci.helm-charts.ssh_key --with-decryption --query "Parameter.Value" --out text > $AWS_PRIVATE_KEY_FILE + - set -x + # Without the newline ssh silently fails and moves on to try other auth methods + - echo "" >> $AWS_PRIVATE_KEY_FILE + - chmod 600 $AWS_PRIVATE_KEY_FILE + # Configure AWS profile - aws ssm get-parameter --region us-east-1 --name ci.helm-charts.e2e-agent-qa-profile --with-decryption --query "Parameter.Value" --out text >> ~/.aws/config - set -x - export AWS_PROFILE=agent-qa-ci - pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" script: - # TODO: enable running E2E tests when upstream pulumi-eks fix is merged https://github.com/pulumi/pulumi-eks/pull/886 - - echo "Success!" + - make test-e2e diff --git a/Makefile b/Makefile index 4516019f1..4c6a14b4d 100644 --- a/Makefile +++ b/Makefile @@ -46,15 +46,15 @@ vet: .PHONY: unit-test unit-test: - go test -C test ./... -count=1 -skip=E2E + go test -C test ./... -count=1 .PHONY: update-test-baselines update-test-baselines: - go test -C test ./... -count=1 -skip=E2E -args -updateBaselines=true + go test -C test ./... -count=1 -args -updateBaselines=true .PHONY: integration-test integration-test: - go test -C test/integ --tags=integration -skip=E2E -count=1 -v + go test -C test/integ --tags=integration -count=1 -v # Running E2E tests locally: ## Must be connected to appgate @@ -67,14 +67,14 @@ test-e2e: fmt vet e2e-test # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test .PHONY: e2e-test e2e-test: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test-preserve-stacks .PHONY: e2e-test-preserve-stacks e2e-test-preserve-stacks: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 -args -preserveStacks=true + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 -args -preserveStacks=true # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test-cleanup-stacks .PHONY: e2e-test-cleanup-stacks e2e-test-cleanup-stacks: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 -args -destroyStacks=true + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 -args -destroyStacks=true diff --git a/test/common/common_e2e.go b/test/common/common_e2e.go index de23599e6..ab8c6f38c 100644 --- a/test/common/common_e2e.go +++ b/test/common/common_e2e.go @@ -9,10 +9,10 @@ import ( "os" "strings" - "github.com/DataDog/datadog-agent/test/new-e2e/utils/infra" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/utils/infra" "github.com/DataDog/test-infra-definitions/scenarios/aws/eks" - "github.com/DataDog/datadog-agent/test/new-e2e/runner" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/runner" "github.com/pulumi/pulumi/sdk/v3/go/auto" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -23,12 +23,13 @@ import ( "k8s.io/client-go/tools/remotecommand" ) -var defaultLocalPulumiConfigs = runner.ConfigMap{ +var defaultPulumiConfigs = runner.ConfigMap{ "ddinfra:aws/defaultKeyPairName": auto.ConfigValue{Value: os.Getenv("AWS_KEYPAIR_NAME")}, } var defaultCIPulumiConfigs = runner.ConfigMap{ - "aws:skipCredentialsValidation": auto.ConfigValue{Value: "true"}, - "aws:skipMetadataApiCheck": auto.ConfigValue{Value: "false"}, + "aws:skipCredentialsValidation": auto.ConfigValue{Value: "true"}, + "aws:skipMetadataApiCheck": auto.ConfigValue{Value: "false"}, + "ddinfra:aws/defaultPrivateKeyPath": auto.ConfigValue{Value: os.Getenv("AWS_PRIVATE_KEY_FILE")}, } type E2EEnv struct { @@ -101,6 +102,7 @@ func SetupConfig() (runner.ConfigMap, error) { res := runner.ConfigMap{} configs := parseE2EConfigParams() if os.Getenv("E2E_PROFILE") == "ci" { + res.Merge(defaultPulumiConfigs) res.Merge(defaultCIPulumiConfigs) } else { // use "local" E2E profile for local testing @@ -111,7 +113,7 @@ func SetupConfig() (runner.ConfigMap, error) { if !e2eApiKeyBool || !e2eAppKeyBool || !e2eAwsKeypairNameBool { return nil, fmt.Errorf("missing required environment variables. Must set `E2E_API_KEY`, `E2E_APP_KEY`, and `AWS_KEYPAIR_NAME` for the local E2E profile") } else { - res.Merge(defaultLocalPulumiConfigs) + res.Merge(defaultPulumiConfigs) } } diff --git a/test/datadog/e2e_eks_test.go b/test/e2e/datadog/e2e_eks_test.go similarity index 80% rename from test/datadog/e2e_eks_test.go rename to test/e2e/datadog/e2e_eks_test.go index 20252896d..0bf2e1f4f 100644 --- a/test/datadog/e2e_eks_test.go +++ b/test/e2e/datadog/e2e_eks_test.go @@ -1,17 +1,21 @@ +//go:build e2e +// +build e2e + package datadog import ( "fmt" "testing" - "github.com/DataDog/datadog-agent/test/new-e2e/runner" - "github.com/DataDog/helm-charts/test/common" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/runner" "github.com/pulumi/pulumi/sdk/v3/go/auto" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" + + "github.com/DataDog/helm-charts/test/common" ) const namespace = "datadog" @@ -30,8 +34,6 @@ func Test_E2E_AgentOnEKS(t *testing.T) { "ddtestworkload:deploy": auto.ConfigValue{Value: "false"}, "ddinfra:aws/eks/linuxBottlerocketNodeGroup": auto.ConfigValue{Value: "false"}, "ddinfra:aws/eks/windowsNodeGroup": auto.ConfigValue{Value: "false"}, - // TODO: remove when upstream eks-pulumi bug is fixed https://github.com/pulumi/pulumi-eks/pull/886 - "pulumi:disable-default-providers": auto.ConfigValue{Value: "[]"}, } stackConfig.Merge(config) @@ -48,14 +50,14 @@ func Test_E2E_AgentOnEKS(t *testing.T) { kc := kubeconfig.Value.(map[string]interface{}) _, restConfig, k8sClient, err = common.NewClientFromKubeconfig(kc) if err == nil { - verifyPods(t) + t.Run("Agent pods should be created", verifyPods) } } else { err = fmt.Errorf("could not create Kubernetes client, cluster kubeconfig is nil") } } if err != nil { - t.Skipf("Skipping test. Encountered problem creating or updating E2E stack: %s", err) + t.Errorf("Skipping tests. Encountered problem creating or updating E2E stack: %s", err) } } @@ -79,10 +81,15 @@ func verifyPods(t *testing.T) { RestConfig: restConfig, } - assertPodStatus(t, podExec, ddaPodList, "agent") - assertPodStatus(t, podExec, dcaPodList, "cluster-agent") - assertPodStatus(t, podExec, ccPodList, "agent") - + t.Run("exec `agent status` for `agent` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, ddaPodList, "agent") + }) + t.Run("`exec `agent status` for `cluster-agent` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, dcaPodList, "cluster-agent") + }) + t.Run("exec `agent status` for `cluster-check-runner` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, ccPodList, "agent") + }) } func assertPodStatus(t *testing.T, podExec common.K8sExec, podList *v1.PodList, containerName string) { diff --git a/test/datadog/testdatadog_test.go b/test/e2e/datadog/testdatadog_test.go similarity index 100% rename from test/datadog/testdatadog_test.go rename to test/e2e/datadog/testdatadog_test.go diff --git a/test/go.mod b/test/go.mod index f1ab19e33..ea7c8e545 100644 --- a/test/go.mod +++ b/test/go.mod @@ -3,71 +3,80 @@ module github.com/DataDog/helm-charts/test go 1.20 require ( - github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610 - github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca + github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 + github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 github.com/google/go-cmp v0.5.9 github.com/gruntwork-io/terratest v0.43.0 - github.com/pulumi/pulumi/sdk/v3 v3.73.0 - github.com/stretchr/testify v1.8.4 - k8s.io/api v0.27.3 + github.com/pulumi/pulumi/sdk/v3 v3.99.0 + github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa + k8s.io/api v0.28.4 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.27.3 - k8s.io/client-go v0.27.3 + k8s.io/apimachinery v0.28.4 + k8s.io/client-go v0.28.4 ) require ( + dario.cat/mergo v1.0.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/alessio/shellescape v1.4.1 // indirect + github.com/alessio/shellescape v1.4.2 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/aws/aws-sdk-go v1.44.122 // indirect - github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect - github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect - github.com/aws/smithy-go v1.13.5 // indirect + github.com/atotto/clipboard v0.1.4 // indirect + github.com/aws/aws-sdk-go v1.44.298 // indirect + github.com/aws/aws-sdk-go-v2 v1.24.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.25.10 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.16.8 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 // indirect + github.com/aws/smithy-go v1.19.0 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/charmbracelet/bubbles v0.16.1 // indirect + github.com/charmbracelet/bubbletea v0.24.2 // indirect + github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/cloudflare/circl v1.3.3 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/djherbis/times v1.5.0 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.7.0 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-git/go-billy/v5 v5.5.0 // indirect + github.com/go-git/go-git/v5 v5.9.0 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-sql-driver/mysql v1.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog v1.1.1 // indirect + github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.5.0 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect github.com/gruntwork-io/go-commons v0.8.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -80,8 +89,12 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect + github.com/kr/fs v0.1.0 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-localereader v0.0.1 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect @@ -89,31 +102,40 @@ require ( github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect + github.com/muesli/cancelreader v0.2.2 // indirect + github.com/muesli/reflow v0.3.0 // indirect + github.com/muesli/termenv v0.15.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/opentracing/basictracer-go v1.1.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pkg/sftp v1.13.6 // indirect github.com/pkg/term v1.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/otp v1.2.0 // indirect - github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0 // indirect - github.com/pulumi/pulumi-awsx/sdk v1.0.2 // indirect - github.com/pulumi/pulumi-command/sdk v0.7.2 // indirect + github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect + github.com/pulumi/esc v0.6.2 // indirect + github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 // indirect + github.com/pulumi/pulumi-awsx/sdk v1.0.6 // indirect + github.com/pulumi/pulumi-command/sdk v0.9.2 // indirect github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1 // indirect - github.com/pulumi/pulumi-eks/sdk v1.0.1 // indirect - github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1 // indirect - github.com/pulumi/pulumi-random/sdk/v4 v4.13.2 // indirect + github.com/pulumi/pulumi-eks/sdk v1.0.4 // indirect + github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2 // indirect + github.com/pulumi/pulumi-random/sdk/v4 v4.13.4 // indirect github.com/rivo/uniseg v0.4.4 // indirect - github.com/rogpeppe/go-internal v1.10.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 // indirect + github.com/samber/lo v1.38.1 // indirect + github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect github.com/sergi/go-diff v1.3.1 // indirect - github.com/skeema/knownhosts v1.1.1 // indirect + github.com/skeema/knownhosts v1.2.0 // indirect github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/cobra v1.7.0 // indirect + github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect @@ -123,31 +145,31 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/zclconf/go-cty v1.13.2 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.10.0 // indirect - golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect - golang.org/x/mod v0.11.0 // indirect - golang.org/x/net v0.11.0 // indirect - golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sys v0.9.0 // indirect - golang.org/x/term v0.9.0 // indirect - golang.org/x/text v0.10.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.10.0 // indirect + golang.org/x/crypto v0.17.0 // indirect + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/mod v0.14.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.11.0 // indirect + golang.org/x/sync v0.5.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.15.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect - google.golang.org/grpc v1.56.0 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/grpc v1.59.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect - sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 // indirect ) diff --git a/test/go.sum b/test/go.sum index 527feca58..3d02d06f4 100644 --- a/test/go.sum +++ b/test/go.sum @@ -36,6 +36,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -48,24 +50,27 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610 h1:5fbeQTdzvcf64tnyz2FDOgPX/3ynuXCQMzGM5Ka/6AY= -github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610/go.mod h1:lWhjDI78vpbL+qRYRQ8JBbQwx7bXfVqp05VxbfdE/Y4= -github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca h1:In0LmW10UWRmzhDFXsrpvMykeuIsb9I+kZe/C8R68+g= -github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca/go.mod h1:ooZpPM5wPJNEIjDQfrWdWLlw2waB0xB8bG+J5XRDVKk= +github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 h1:iDRXnDeZ0EfAdRUuAqwEKtrBSq0WU2H0UGbFoNz35mk= +github.com/DataDog/datadog-agent/test/new-e2e v0.50.2/go.mod h1:QB38Gm39iGOhs2wzGyZSIYIXUs3/BP+DjP/H6OJJu8A= +github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 h1:X08p5axuFeIC+9UWyZukTQTvpP6YKcKxjjvB6i6NWyc= +github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49/go.mod h1:PqwpYO1dh26TxKAY1TiiMLmmSxzytx3OrXtYl086m2c= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8= -github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= @@ -78,8 +83,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= +github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= +github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -93,39 +98,42 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= -github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo= -github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA= -github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw= -github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk= -github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0= -github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4 h1:F1N0Eh5EGRRY9QpF+tMTkx8Wb59DkQWE91Xza/9dk1c= -github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4/go.mod h1:0irnFofeEZwT7uTjSkNVcSQJbWRqZ9BRoxhKjt1BObM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU= -github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4 h1:3AjvCuRS8OnNVRC/UBagp1Jo2feR94+VAIKO4lz8gOQ= -github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4/go.mod h1:p6MaesK9061w6NTiFmZpUzEkKUY5blKlwD2zYyErxKA= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg= -github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= -github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= +github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= +github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= +github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= +github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.25.10 h1:qw/e8emDtNufTkrAU86DlQ18DruMyyM7ttW6Lgwp4v0= +github.com/aws/aws-sdk-go-v2/config v1.25.10/go.mod h1:203YiAtb6XyoGxXMPsUVwEcuxCiTQY/r8P27IDjfvMc= +github.com/aws/aws-sdk-go-v2/credentials v1.16.8 h1:phw9nRLy/77bPk6Mfu2SHCOnHwfVB7WWrOa5rZIY2Fc= +github.com/aws/aws-sdk-go-v2/credentials v1.16.8/go.mod h1:MrS4SOin6adbO6wgWhdifyPiq+TX7fPPwyA/ZLC1F5M= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 h1:tQZLSPC2Zj2CqZHonLmWEvCsbpMX5tQvaYJWHadcPek= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8/go.mod h1:5+YpvTHDFffykWr5qAGjqwoh8oVYZOddL3sSrEN7lws= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1 h1:f4DtxnDnREgJADZUxuRdzGBKRH1H0G6wF6JWq0yXERY= +github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1/go.mod h1:6qineQ2FiFd4AQckMmDOF/tLSQuq+Me1sZO1znKkmgc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= +github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1 h1:LwoTceR/pj+zzIuVrBrESQ5K8N0T0F3agz+yUXIoVxA= +github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1/go.mod h1:N/ISupi87tK6YpOxPDTmF7i6qedc0HYPiUuUY8zU6RI= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 h1:V40g2daNO3l1J94JYwqfkyvQMYXi5I25fs3fNQW8iDs= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.1/go.mod h1:0ZWQJP/mBOUxkCvZKybZNz1XmdUKSBxoF0dzgfxtvDs= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 h1:uQrj7SpUNC3r55vc1CDh3qV9wJC66lz546xM9dhSo5s= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1/go.mod h1:oyaTk5xEAOuPXX1kCD7HmIeuLqdj3Bk5yGkqGXtGi14= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 h1:K33V7L0XDdb23FMOZySr8bon1jou5SHn1fiv7NJ1SUg= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.1/go.mod h1:YtXUl/sfnS06VksYhr855hTQf2HphfT1Xv/EwuzbPjg= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -148,6 +156,12 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/charmbracelet/bubbles v0.16.1 h1:6uzpAAaT9ZqKssntbvZMlksWHruQLNxg49H5WdeuYSY= +github.com/charmbracelet/bubbles v0.16.1/go.mod h1:2QCp9LFlEsBQMvIYERr7Ww2H2bA7xen1idUDIzm/+Xc= +github.com/charmbracelet/bubbletea v0.24.2 h1:uaQIKx9Ai6Gdh5zpTbGiWpytMU+CfsPp06RaW2cx/SY= +github.com/charmbracelet/bubbletea v0.24.2/go.mod h1:XdrNrV4J8GiyshTtx3DNuYkR1FDaJmO3l2nejekbsgg= +github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= +github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/cheggaaa/pb v1.0.18/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= @@ -165,6 +179,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -177,11 +193,13 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -193,7 +211,7 @@ github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= @@ -212,7 +230,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -229,15 +247,20 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= +github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= -github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= +github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= +github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY= +github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -250,8 +273,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -259,8 +282,8 @@ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= @@ -268,7 +291,7 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= @@ -279,8 +302,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.1 h1:jxpi2eWoU84wbX9iIEyAeeoac3FLuifZpY9tcNUD9kw= -github.com/golang/glog v1.1.1/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -319,8 +342,8 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -332,7 +355,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -357,8 +379,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJY github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= @@ -410,6 +432,7 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -418,6 +441,7 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -438,6 +462,7 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -446,6 +471,7 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -458,6 +484,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -471,16 +499,21 @@ github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlW github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= +github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= @@ -511,6 +544,14 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= +github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= +github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= +github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= +github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -527,11 +568,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= +github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= @@ -543,6 +584,8 @@ github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtb github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= +github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -551,6 +594,8 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= +github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk= github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -580,27 +625,32 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pulumi/pulumi-aws/sdk/v5 v5.1.2/go.mod h1:5Bl3enkEyJD5oDkNZYfduZP7aP3xFjCf7yaBdNuifEo= -github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0 h1:SJwp+c3GsfnUk3lP0yJJUsQ7FE5SnHINZpUqQkgYiPQ= -github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHtCiUhJeaiUB/0nVwXk= -github.com/pulumi/pulumi-awsx/sdk v1.0.2 h1:SLm2MUICM91b/02r7KTI2/4R1XRJedIeMQdeYxATe9k= -github.com/pulumi/pulumi-awsx/sdk v1.0.2/go.mod h1:jwPmIPvPTVYkq+n6Nz/QfMhNZ1cHvBSORdRYvljV9Xo= -github.com/pulumi/pulumi-command/sdk v0.7.2 h1:YmnCX2lc70kpO9DxE4TJyApL1Tq19gxAaVpThQuDthY= -github.com/pulumi/pulumi-command/sdk v0.7.2/go.mod h1:niZxKP6w3PQdwOWnRwjop2LNd1TcdIQR+LuzIEGX4kU= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= +github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= +github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= +github.com/pulumi/pulumi-aws/sdk/v5 v5.31.0/go.mod h1:axXtUAYEclH+SVqr/QmWFzMfJchxrrPiyMrywCcMF9A= +github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 h1:QdJvPoUklXdNL8faCOuCrv7qmMNp68jiewbGH8ZboUU= +github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHtCiUhJeaiUB/0nVwXk= +github.com/pulumi/pulumi-awsx/sdk v1.0.6 h1:oUan8VgA/pqEmbS2vXhh5Zbn7Lhs6yX5bPMzM03QuMI= +github.com/pulumi/pulumi-awsx/sdk v1.0.6/go.mod h1:2H8uPHxZbfsIg9qr6yAfiIuvNnhBUqyhxw/8mXNLDFg= +github.com/pulumi/pulumi-azure-native-sdk v1.104.0 h1:vyD4PvKSOkwL1z9WTis3ZE9XC73UM/7AyMNek4Vm1+E= +github.com/pulumi/pulumi-command/sdk v0.9.2 h1:2siCFR8pS2sSwXkeWiLrprGEtBL54FsHTzdyl125UuI= +github.com/pulumi/pulumi-command/sdk v0.9.2/go.mod h1:VeUXTI/iTgKVjRChRJbLRlBVGxAH+uymscfwzBC2VqY= github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1 h1:plWLn9O6u80Vr37LoCsckyobBfcrdTU9cERor72QjqA= github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1/go.mod h1:N4Yu4c49QErfucPt9Y/fGmpTryRqc0VfhyKHsGR9/g8= -github.com/pulumi/pulumi-eks/sdk v1.0.1 h1:/QstsE+ETWhx3hYVDWHhn4GT7V9aVWrPtyCjKckxB8o= -github.com/pulumi/pulumi-eks/sdk v1.0.1/go.mod h1:H1+qy3r+WqP4Bw/zSd6vb+ZoY3zjDkCq0B1IScAcxhk= +github.com/pulumi/pulumi-eks/sdk v1.0.4 h1:j2tul6k0oZHDQwHU+75Jo8Qe4neYxv2hNpo5uanywrQ= +github.com/pulumi/pulumi-eks/sdk v1.0.4/go.mod h1:eSRoTIxvvu+uyc4tXo//TCsE9qD/DUx+OSLiyZvRB/A= github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.17.0/go.mod h1:w+Y1d8uqc+gv7JYWLF4rfzvTsIIHR1SCL+GG6sX1xMM= -github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1 h1:8j8eTyZjHAClfjAqDyq2VrR59VDGDFKA88/z9qavtB8= -github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1/go.mod h1:l+08Lg5PzbjvVcuazOsXgZIXMES70UtirJ5boDrvcTI= -github.com/pulumi/pulumi-random/sdk/v4 v4.13.2 h1:p4Cti4RIBKA0qi+JG/AofpcVsdyCaHd5gKMU5y/3I2Q= -github.com/pulumi/pulumi-random/sdk/v4 v4.13.2/go.mod h1:cFlJw0eQnqN+62QpITEF9M08gVyzNCeXrKRsuJptFak= +github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2 h1:xJu48+RW+BHHnKtBni6Vj5vKqOEgCzdZAysGbh6tVM0= +github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2/go.mod h1:7yCJFC/jnUwFs566f0FAY2iAzc4G1mQP8H6K+40FK4Y= +github.com/pulumi/pulumi-random/sdk/v4 v4.13.4 h1:g3jdktE5L5IDrOw4OiB+yhgxSw0okRPJnyV6PlIzTEQ= +github.com/pulumi/pulumi-random/sdk/v4 v4.13.4/go.mod h1:cFlJw0eQnqN+62QpITEF9M08gVyzNCeXrKRsuJptFak= github.com/pulumi/pulumi/sdk/v3 v3.16.0/go.mod h1:252ou/zAU1g6E8iTwe2Y9ht7pb5BDl2fJlOuAgZCHiA= -github.com/pulumi/pulumi/sdk/v3 v3.25.0/go.mod h1:VsxW+TGv2VBLe/MeqsAr9r0zKzK/gbAhFT9QxYr24cY= -github.com/pulumi/pulumi/sdk/v3 v3.36.0/go.mod h1:e1xuPnh9aKzCesrFf96DEzcybLdRWRMhKeKVBmb2lm0= -github.com/pulumi/pulumi/sdk/v3 v3.73.0 h1:GXultRLRKyoxPAluyd3RtPCjqGw1Ivc49BF20CEZuIo= -github.com/pulumi/pulumi/sdk/v3 v3.73.0/go.mod h1:BUUBfQZsH0FPuznRfFHkR+b96VlXELnn+DgidFj4XSQ= +github.com/pulumi/pulumi/sdk/v3 v3.50.1/go.mod h1:tqQ4z9ocyM/UI2VQ7ZReWR3w6dF5ffEozoHipOMcDh4= +github.com/pulumi/pulumi/sdk/v3 v3.99.0 h1:vsFoEEdweYg3Hm6/Jlj1sE2cLtauzoqAdVbLMcC7Cw8= +github.com/pulumi/pulumi/sdk/v3 v3.99.0/go.mod h1:wFM/6iAMlidgLDSF9QU+p3P+B+vg/xloFyVeZrVwA1w= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -609,8 +659,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -618,8 +668,11 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/sabhiram/go-gitignore v0.0.0-20180611051255-d3107576ba94/go.mod h1:b18R55ulyQ/h3RaWyloPyER7fWQVZvimKKhnI5OfrJQ= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= +github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -632,8 +685,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= -github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= +github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -650,8 +703,8 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -677,8 +730,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa h1:I9YHewamqSIcEG6rpRhgF9p79H0cOojefpiOH0pe0VY= +github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa/go.mod h1:LZ02lxBfF+JCTGmBu/SyjoaIlOF6u2nxMP788uhnZlI= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= @@ -697,6 +750,8 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= +github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= @@ -761,13 +816,17 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200317142112-1b76d66859c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220824171710-5757bc0c5503/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -778,8 +837,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -807,8 +866,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -854,19 +913,20 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -881,8 +941,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -896,7 +956,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -917,6 +978,7 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -955,35 +1017,40 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -996,15 +1063,15 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1068,8 +1135,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= -golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1150,8 +1217,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1175,8 +1242,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= -google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1190,8 +1257,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1241,32 +1308,32 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y= -k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= -k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8= -k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48= +k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.4.7/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= @@ -1286,5 +1353,3 @@ sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 h1:hfyJ5ku9yFtLVOiSxa3IN+dx5eBQT9mPmKFypAmg8XM= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= From db5a4d701b2aeec294e799c03773e7566eaf94d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A8le=20Oul=C3=A8s?= Date: Wed, 21 Feb 2024 22:50:46 +0100 Subject: [PATCH 012/209] cluster-agent: Add network policy default permission (#1327) Co-authored-by: Cedric Lamoriniere --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/cluster-agent-rbac.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d7a0dda5f..e8d4d029c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.2 + +* Add `networkpolicies` default permission for the cluster agent. + ## 3.57.1 * Allow configuring CWS security profile based auto suppression feature and enable it by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 23f173e03..e997efad3 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.1 +version: 3.57.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index eee03e8cd..33fade3d5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.1](https://img.shields.io/badge/Version-3.57.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.2](https://img.shields.io/badge/Version-3.57.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 975098c8e..a414f640f 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -171,6 +171,7 @@ rules: - networking.k8s.io resources: - ingresses + - networkpolicies verbs: - list - get From 130a504efd9857dc5d071b303bbcb12801bd081b Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Thu, 22 Feb 2024 18:20:59 +0100 Subject: [PATCH 013/209] Add labeler github action (#1326) --- .github/workflows/labeler/labels.yaml | 45 +++++++++++++++++++++++++++ .github/workflows/pr-labeler.yaml | 16 ++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/labeler/labels.yaml create mode 100644 .github/workflows/pr-labeler.yaml diff --git a/.github/workflows/labeler/labels.yaml b/.github/workflows/labeler/labels.yaml new file mode 100644 index 000000000..e520ab3d1 --- /dev/null +++ b/.github/workflows/labeler/labels.yaml @@ -0,0 +1,45 @@ +chart/datadog: + - changed-files: + - any-glob-to-any-file: "charts/datadog/**" + +chart/datadog-crds: + - changed-files: + - any-glob-to-any-file: "charts/datadog-crds/**" + - any-glob-to-any-file: "crds/**" + +chart/datadog-operator: + - changed-files: + - any-glob-to-any-file: "charts/datadog-operator/**" + +chart/extended-daemon-set: + - changed-files: + - any-glob-to-any-file: "charts/extended-daemon-set/**" + +chart/watermarkpodautoscaler: + - changed-files: + - any-glob-to-any-file: "charts/watermarkpodautoscaler/**" + +chart/observability-pipelines-worker: + - changed-files: + - any-glob-to-any-file: "charts/observability-pipelines-worker/**" + +chart/synthetics-private-location: + - changed-files: + - any-glob-to-any-file: "charts/synthetics-private-location/**" + +tools/tests: + - changed-files: + - any-glob-to-any-file: "tests/**" + +tools/ci: + - changed-files: + - any-glob-to-any-file: ".github/**" + - any-glob-to-any-file: ".gitlab-ci.yml" + - any-glob-to-any-file: "Makefile" + +documentation: + - changed-files: + - any-glob-to-any-file: "README.md" + - any-glob-to-any-file: "examples/**" + - any-glob-to-any-file: "CONTRIBUTING.md" + - any-glob-to-any-file: "LICENSE" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml new file mode 100644 index 000000000..f1d36ed3d --- /dev/null +++ b/.github/workflows/pr-labeler.yaml @@ -0,0 +1,16 @@ +name: Labeler +on: + pull_request: + branches: + - main + +jobs: + label: + name: Add label for PRs + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/workflows/labeler/labels.yaml From 0b71eb1f4903cadf13a9bad6cac0a027833ba0b6 Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Fri, 23 Feb 2024 07:19:33 -0500 Subject: [PATCH 014/209] Disable mutations on Datadog resources pods (#1330) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/agent-clusterchecks-deployment.yaml | 1 + charts/datadog/templates/cluster-agent-deployment.yaml | 1 + charts/datadog/templates/daemonset.yaml | 2 +- 6 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e8d4d029c..28cc6e271 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.3 + +* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. + ## 3.57.2 * Add `networkpolicies` default permission for the cluster agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e997efad3..8818e551e 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.2 +version: 3.57.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 33fade3d5..8a283120a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.2](https://img.shields.io/badge/Version-3.57.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.3](https://img.shields.io/badge/Version-3.57.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index edcbfaf26..d845f4756 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -27,6 +27,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-clusterchecks {{- if .Values.clusterChecksRunner.additionalLabels }} {{ toYaml .Values.clusterChecksRunner.additionalLabels | indent 8 }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 636649ee1..d0bc7b0d3 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -38,6 +38,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-cluster-agent {{- if .Values.clusterAgent.podLabels }} {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 5aba67ff2..15c75d96b 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -9,7 +9,6 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} @@ -30,6 +29,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }} {{- if .Values.agents.podLabels }} {{ toYaml .Values.agents.podLabels | indent 8 }} From db6f0ebf576f90d37dd5986c6c7de19e6f3e1e11 Mon Sep 17 00:00:00 2001 From: Celene Date: Mon, 26 Feb 2024 16:54:29 -0500 Subject: [PATCH 015/209] [datadog-operator] add flag for introspection (#1333) --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 ++- charts/datadog-operator/templates/deployment.yaml | 3 +++ charts/datadog-operator/values.yaml | 5 +++++ .../baseline/Operator_Deployment_default.yaml | 3 ++- .../baseline/Operator_Deployment_with_certManager.yaml | 3 ++- 7 files changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 8780ca9ac..32d28b7aa 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.5.1 + +* Add configuration for Operator flag `introspectionEnabled`: this parameter is used to enable the Introspection. It is disabled by default. + ## 1.5.0 * Update Datadog Operator version to 1.4.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index ce0c44af5..1a06dc951 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.5.0 +version: 1.5.1 appVersion: 1.4.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 94d05f939..75e029d94 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) +![Version: 1.5.1](https://img.shields.io/badge/Version-1.5.1-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) ## Values @@ -33,6 +33,7 @@ | image.tag | string | `"1.4.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | +| introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | | maximumGoroutines | string | `nil` | Override default goroutines threshold for the health check failure. | | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index a8de14218..0c2b45f7f 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -107,6 +107,9 @@ spec: {{- end }} {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} - "-maximumGoroutines={{ .Values.maximumGoroutines }}" + {{- end }} + {{- if (semverCompare ">=1.4.0" .Values.image.tag) }} + - "-introspectionEnabled={{ .Values.introspection.enabled }}" {{- end }} - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 15ecc5a3c..af9863a35 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -56,6 +56,11 @@ fullnameOverride: "" logLevel: "info" # maximumGoroutines -- Override default goroutines threshold for the health check failure. maximumGoroutines: + + +introspection: +# introspection.enabled -- If true, enables introspection feature (beta). Requires v1.4.0+ + enabled: false # supportExtendedDaemonset -- If true, supports using ExtendedDaemonSet CRD supportExtendedDaemonset: "false" # operatorMetricsEnabled -- Enable forwarding of Datadog Operator metrics and events to Datadog. diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index f220c91a1..72d3f4534 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.0 + helm.sh/chart: datadog-operator-1.5.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm @@ -53,6 +53,7 @@ spec: - "-loglevel=info" - "-operatorMetricsEnabled=true" - "-webhookEnabled=false" + - "-introspectionEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 7f505dc91..6718a89a2 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.0 + helm.sh/chart: datadog-operator-1.5.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm @@ -53,6 +53,7 @@ spec: - "-loglevel=info" - "-operatorMetricsEnabled=true" - "-webhookEnabled=true" + - "-introspectionEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" From fde0bcd829923af4ebafb2ee5e3b530ab66a366a Mon Sep 17 00:00:00 2001 From: Levan Machablishvili Date: Tue, 27 Feb 2024 09:58:53 -0500 Subject: [PATCH 016/209] Add Kubernetes 1.28, 1.29 to Operator Go tests --- .github/workflows/go-test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 1b1760931..544c57902 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -47,6 +47,8 @@ jobs: - v1.25.2 - v1.26.6 - v1.27.3 + - v1.28.7 + - v1.29.2 steps: - name: Checkout uses: actions/checkout@v3 From e5284d563b635628aa5650b827e16a2e15063b4e Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:54:34 -0500 Subject: [PATCH 017/209] Add DatadogAgent v1alpha1 deprecation warning (#1332) * Add DatadogAgent v1alpha1 deprecation warning * Update charts/datadog-operator/templates/NOTES.txt Co-authored-by: Celene * Update charts/datadog-operator/templates/NOTES.txt Co-authored-by: Celene * Update charts/datadog-operator/templates/NOTES.txt Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/templates/NOTES.txt | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 32d28b7aa..eb566f658 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.5.2 + +* Add deprecation warning for `DatadogAgent` `v1alpha1` CRD version. + ## 1.5.1 * Add configuration for Operator flag `introspectionEnabled`: this parameter is used to enable the Introspection. It is disabled by default. diff --git a/charts/datadog-operator/templates/NOTES.txt b/charts/datadog-operator/templates/NOTES.txt index 85723cecb..a6fea9c5d 100644 --- a/charts/datadog-operator/templates/NOTES.txt +++ b/charts/datadog-operator/templates/NOTES.txt @@ -40,6 +40,22 @@ The maximumGoroutines parameter isn't supported by the Operator 1.0.0-rc.12 and Setting a value will not change the default defined in the Operator. {{- end }} {{- end }} + +{{- if (semverCompare ">=1.0.0" .Values.image.tag) }} + {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} +############################################################################## +#### WARNING: v1alpha1 and conversion webhook deprecation. #### +############################################################################## + +DatadogAgent v1alpha1 reconciliation in the Operator is deprecated since v1.2.0+ and will be removed in v1.7.0. +Once removed, the Datadog Operator cannot be configured to reconcile the v1alpha1 DatadogAgent CRD. +However, you will still be able to apply a v1alpha1 manifest with the conversion webhook enabled (using `datadogCRDs.migration.datadogAgents.conversionWebhook.enabled`). +DatadogAgent v1alpha1 and the conversion webhook will be removed in v1.8.0. +See the migration page for instructions on migrating to v2alpha1: https://docs.datadoghq.com/containers/guide/datadogoperator_migration/ + {{- end }} +{{- end }} + + {{- if not (and (semverCompare ">=1.0.0-0" .Values.image.tag) (eq .Values.datadogCRDs.migration.datadogAgents.version "v2alpha1")) }} {{- fail "The Datadog Operator `1.0.0` reconciles `DatadogAgent` versions `v2alpha1`. Using an old version of the Datadog Operator (< 1.0.0) with the new version of the DatadogAgent Customer Resource, or the Datadog Operator `1.X` with the `v1alpha1` as stored version of the DatadogAgent is not supported. If you are using a DatadogAgent `v1alpha1`, refer to the Migration Steps: https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/README.md#migrating-to-the-version-10-of-the-datadog-operator."}} {{- end }} From dd8fb79a08be14b1a3c94a36013a8eba31b78236 Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:47:05 +0100 Subject: [PATCH 018/209] [APM Onboarding] Update configuration options for APM Instrumentation (#1318) --------- Co-authored-by: Cedric Lamoriniere --- charts/datadog/CHANGELOG.md | 8 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 6 ++-- charts/datadog/README.md.gotmpl | 4 +-- charts/datadog/templates/NOTES.txt | 16 ++-------- charts/datadog/templates/_helpers.tpl | 30 ------------------- .../templates/cluster-agent-deployment.yaml | 10 +++---- 7 files changed, 22 insertions(+), 54 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 28cc6e271..5fd263f26 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,13 @@ # Datadog changelog +## 3.58.0 + +* Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: +* `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. +* `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. +* `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. + + ## 3.57.3 * Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8818e551e..3ee2a54dd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.3 +version: 3.58.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 8a283120a..b632839d4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.3](https://img.shields.io/badge/Version-3.57.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.58.0](https://img.shields.io/badge/Version-3.58.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -262,7 +262,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true enabledNamespaces: - namespaceC ``` @@ -274,7 +274,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true libVersions: java: v1.18.0 python: v1.20.0 diff --git a/charts/datadog/README.md.gotmpl b/charts/datadog/README.md.gotmpl index e0d78c0ec..6e4708ca0 100644 --- a/charts/datadog/README.md.gotmpl +++ b/charts/datadog/README.md.gotmpl @@ -258,7 +258,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true enabledNamespaces: - namespaceC ``` @@ -270,7 +270,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true libVersions: java: v1.18.0 python: v1.20.0 diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index c91017e0a..752e205c1 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -155,24 +155,14 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces (eq (include "cluster-agent-enabled" .) "false")}} +{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -You are using datadog.apm.instrumentation.enabledNamespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. -To enable it please set clusterAgent.enabled to 'true'. -{{- end }} - -{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }} - -################################################################# -#### WARNING: Configuration notice #### -################################################################# - -The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabledNamespaces` are set together. -APM Single Step Instrumentation will be enabled in the whole cluster. +The option `datadog.apm.instrumentation.enabledNamespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. +APM Single Step Instrumentation will be disabled in the whole cluster. {{- end }} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 9408f0f2b..86fc75c98 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -903,34 +903,4 @@ Create RBACs for custom resources {{- end -}} {{- end -}} -{{/* -Return all namespaces with enabled Single Step Instrumentation. If instrumentation.enabledNamespaces contains the namespace where Datadog is installed, -it will be removed. -*/}} -{{- define "apmInstrumentation.enabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) -}} -{{- if has .Release.Namespace .Values.datadog.apm.instrumentation.enabledNamespaces -}} -{{- $ns := mustWithout .Values.datadog.apm.instrumentation.enabledNamespaces .Release.Namespace -}} -{{- if $ns -}} -{{- $ns | toJson | quote -}} -{{- end -}} -{{- else -}} -{{- .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Return all namespaces with disabled Single Step Instrumentation -*/}} -{{- define "apmInstrumentation.disabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.disabledNamespaces .Values.datadog.apm.instrumentation.enabled -}} -{{- append .Values.datadog.apm.instrumentation.disabledNamespaces .Release.Namespace | toJson | quote -}} -{{- else if .Values.datadog.apm.instrumentation.enabled -}} -{{- list .Release.Namespace | toJson | quote -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index d0bc7b0d3..c86d8bf45 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -239,15 +239,15 @@ spec: value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.apm.instrumentation.enabled }} - name: DD_APM_INSTRUMENTATION_ENABLED - value: "true" + value: {{ .Values.datadog.apm.instrumentation.enabled | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.enabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.enabledNamespaces }} - name: DD_APM_INSTRUMENTATION_ENABLED_NAMESPACES - value: {{ include "apmInstrumentation.enabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.disabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.disabledNamespaces }} - name: DD_APM_INSTRUMENTATION_DISABLED_NAMESPACES - value: {{ include "apmInstrumentation.disabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.disabledNamespaces | toJson | quote }} {{- end }} {{- if .Values.datadog.apm.instrumentation.libVersions }} - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS From 84cd80e96696569451c54be0e22d8917a720f9e5 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Mon, 11 Mar 2024 15:57:28 +0100 Subject: [PATCH 019/209] Avoid running e2e state during mergequeue run (#1341) the current `e2e` gitlab-ci job is manual. to avoid running it during the merge-queue process a new rules is needed to check the CI_COMMIT_BRANCH --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a2598a02..33a87c262 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,8 @@ stages: e2e: stage: e2e rules: + - if: '$CI_COMMIT_BRANCH =~ /^mq-working-branch-/' + when: never - if: $CI_COMMIT_BRANCH == "main" changes: paths: From 01b4c40b74533e78e73f53e266b2dc939589cabd Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Mon, 11 Mar 2024 18:55:59 +0100 Subject: [PATCH 020/209] Run e2e tests during mergequeue for `datadog` chart (#1342) * Run e2e tests during mergequeue for `datadog` chart * Update .gitlab-ci.yml --- .gitlab-ci.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 33a87c262..7d92a3ff0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,20 +1,32 @@ stages: - e2e +variables: + RUN_E2E_TEST: + description: "set RUN_E2E_TEST to 'true' if you want to trigger the e2e test on your pipeline." + e2e: stage: e2e rules: + - if: '$CI_COMMIT_BRANCH =~ /^mq-working-branch-/' + changes: + paths: + - charts/datadog/*.yaml + - test/**/* + compare_to: "refs/heads/main" + when: always - if: '$CI_COMMIT_BRANCH =~ /^mq-working-branch-/' when: never - if: $CI_COMMIT_BRANCH == "main" changes: paths: - - charts/**/*.yaml + - charts/datadog/** - test/**/* compare_to: "refs/heads/main" when: always - - if: $CI_COMMIT_BRANCH != "main" + - if: $RUN_E2E_TEST == "true" when: manual + - when: never image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner:95dca87f269a tags: ["arch:amd64"] variables: From 40d8e3313397b3f901f0b65af81c2be04add0fe6 Mon Sep 17 00:00:00 2001 From: Jake Pruitt Date: Thu, 14 Mar 2024 13:58:21 +0100 Subject: [PATCH 021/209] [Synthetics] Update PL version to 1.45.0 (#1340) * [Synthetics] Update PL version to 1.45.0 * Update charts/synthetics-private-location/README.md Co-authored-by: Benoit Ruiz --------- Co-authored-by: Benoit Ruiz --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index fd5e381a4..dfc1852b8 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.27 + +* Update private location image version to `1.45.0`. + ## 0.15.26 * Migrate from `kubeval` to `kubeconform` for ci chart validation. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 18ce0b289..28ae39435 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.26 -appVersion: 1.44.0 +version: 0.15.27 +appVersion: 1.45.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 9224ef930..0fdcf183f 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.26](https://img.shields.io/badge/Version-0.15.26-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) +![Version: 0.15.27](https://img.shields.io/badge/Version-0.15.27-informational?style=flat-square) ![AppVersion: 1.45.0](https://img.shields.io/badge/AppVersion-1.45.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.44.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.45.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index ac7c9705b..cbc1b2869 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.44.0 + tag: 1.45.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From dec6a84538cb45aa88985e052725c2ead21c6003 Mon Sep 17 00:00:00 2001 From: Celene Date: Fri, 15 Mar 2024 21:57:18 -0400 Subject: [PATCH 022/209] [datadog-operator] bump chart to 1.5.2 (#1349) --- charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- test/datadog-operator/baseline/Operator_Deployment_default.yaml | 2 +- .../baseline/Operator_Deployment_with_certManager.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 1a06dc951..b61be3b7f 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.5.1 +version: 1.5.2 appVersion: 1.4.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 75e029d94..6343ff3e0 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.5.1](https://img.shields.io/badge/Version-1.5.1-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) +![Version: 1.5.2](https://img.shields.io/badge/Version-1.5.2-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) ## Values diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 72d3f4534..ce97f5c1b 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.1 + helm.sh/chart: datadog-operator-1.5.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 6718a89a2..4c159d5ef 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.1 + helm.sh/chart: datadog-operator-1.5.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.4.0" app.kubernetes.io/managed-by: Helm From 5133bd775e91f23e0f0bae071c48693d5c1281cb Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:43:20 +0100 Subject: [PATCH 023/209] Fix typo in notes (#1331) * fix typo in helm chart * [datadog] bump chart --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5fd263f26..fbc8161a8 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.58.1 + +* Fix typo in PodSecurityPolicy warning note. + ## 3.58.0 * Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3ee2a54dd..92e3e2231 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.58.0 +version: 3.58.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b632839d4..a44d702de 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.58.0](https://img.shields.io/badge/Version-3.58.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.58.1](https://img.shields.io/badge/Version-3.58.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 752e205c1..e3575c2cf 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -524,7 +524,7 @@ To send OTLP data to the Agent use the Service created by specifying "http://{{ ################################################################# #### WARNING: Incompatibility #### ################################################################# -You have enabled creataion of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. +You have enabled creation of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. You should deactivate these options: clusterAgent.podSecurity.podSecurityPolicy.create and/or agents.podSecurity.podSecurityPolicy.create {{- end }} From b11447bcb1f3fd33cfa2617c7d7f349056b14276 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Thu, 21 Mar 2024 14:41:46 +0100 Subject: [PATCH 024/209] feat(datadog): set default version to 7.52.0 (#1351) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index fbc8161a8..d0c62e05f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.59.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.0`. + ## 3.58.1 * Fix typo in PodSecurityPolicy warning note. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 92e3e2231..7a24a76b4 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.58.1 +version: 3.59.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a44d702de..30e41dc28 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.58.1](https://img.shields.io/badge/Version-3.58.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.0](https://img.shields.io/badge/Version-3.59.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.51.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.52.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -574,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.51.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.52.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -625,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.51.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.52.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 8f805415a..748be61c2 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -891,7 +891,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.51.0 + tag: 7.52.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1319,7 +1319,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.51.0 + tag: 7.52.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1787,7 +1787,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.51.0 + tag: 7.52.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 433211e9a77e0158789ce1e2d907aba602831856 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:35:25 -0400 Subject: [PATCH 025/209] Agent sidecar injection support via Admission Controller (#1348) * Add basic baseline tests for agent chart * baselines for AC sidecar injection * Agent sidecar injection support via Admission Controller * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/README.md Co-authored-by: Celene * PR review updates * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * PR review updates 2 * Update charts/datadog/values.yaml Co-authored-by: Celene * doc generate * Set chart version to 3.59.1 --------- Co-authored-by: Celene --- .github/workflows/go-test.yaml | 4 +- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 10 +- .../templates/_ac-agent-sidecar-env.yaml | 50 + .../templates/cluster-agent-deployment.yaml | 1 + charts/datadog/values.yaml | 50 + test/common/common.go | 8 +- ...gent-clusterchecks-deployment_default.yaml | 181 ++ .../cluster-agent-deployment_default.yaml | 239 +++ ...loyment_default_advanced_AC_injection.yaml | 253 +++ ...ployment_default_minimal_AC_injection.yaml | 249 +++ test/datadog/baseline/daemonset_default.yaml | 475 +++++ test/datadog/baseline/other_default.yaml | 1674 +++++++++++++++++ test/datadog/baseline_test.go | 195 ++ test/datadog/dca_AC_sidecar_test.go | 162 ++ .../manifests/dca_AC_sidecar_advanced.yaml | 31 + .../dca_AC_sidecar_fargateMinimal.yaml | 8 + test/datadog/testmain_test.go | 13 + 19 files changed, 3604 insertions(+), 5 deletions(-) create mode 100644 charts/datadog/templates/_ac-agent-sidecar-env.yaml create mode 100644 test/datadog/baseline/agent-clusterchecks-deployment_default.yaml create mode 100644 test/datadog/baseline/cluster-agent-deployment_default.yaml create mode 100644 test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml create mode 100644 test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml create mode 100644 test/datadog/baseline/daemonset_default.yaml create mode 100644 test/datadog/baseline/other_default.yaml create mode 100644 test/datadog/baseline_test.go create mode 100644 test/datadog/dca_AC_sidecar_test.go create mode 100644 test/datadog/manifests/dca_AC_sidecar_advanced.yaml create mode 100644 test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml create mode 100644 test/datadog/testmain_test.go diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 544c57902..37f4f9816 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -2,11 +2,11 @@ name: Go Test on: push: paths: - - 'test/**' + - 'test/datadog-operator/**' - 'charts/datadog-operator/**' pull_request: paths: - - 'test/**' + - 'test/datadog-operator/**' - 'charts/datadog-operator/**' env: GO111MODULE: "on" diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d0c62e05f..4932323ff 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.59.1 + +* Add support for configuring Agent sidecar injection using Admission Controller. + ## 3.59.0 * Set default `Agent` and `Cluster-Agent` version to `7.52.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7a24a76b4..b5c5789de 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.0 +version: 3.59.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 30e41dc28..68efd72a5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.0](https://img.shields.io/badge/Version-3.59.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.1](https://img.shields.io/badge/Version-3.59.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -544,6 +544,14 @@ helm install \ | agents.volumeMounts | list | `[]` | Specify additional volumes to mount in all containers of the agent pod | | agents.volumes | list | `[]` | Specify additional volumes to mount in the dd-agent container | | clusterAgent.additionalLabels | object | `{}` | Adds labels to the Cluster Agent deployment and pods | +| clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled | bool | `true` | Enable communication between Agent sidecars and the Cluster Agent. | +| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.enabled | bool | `false` | Enables Datadog Agent sidecar injection. | +| clusterAgent.admissionController.agentSidecarInjection.imageName | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.imageTag | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.profiles | list | `[]` | Defines the sidecar configuration override, currently only one profile is supported. | +| clusterAgent.admissionController.agentSidecarInjection.provider | string | `nil` | Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. | +| clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. | | clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml new file mode 100644 index 000000000..a2791003d --- /dev/null +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -0,0 +1,50 @@ +{{- define "ac-agent-sidecar-env" -}} +{{- if and .Values.clusterAgent.admissionController.enabled .Values.clusterAgent.admissionController.agentSidecarInjection.enabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" +{{- else }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +{{- else if .Values.registry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.registry }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +{{- else if .Values.agents.image.name}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.agents.image.name }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +{{- else if .Values.agents.image.tag}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.agents.image.tag }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}' +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}' +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index c86d8bf45..cd7bd026f 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -235,6 +235,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.apm.instrumentation.enabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 748be61c2..f39b58904 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1061,6 +1061,56 @@ clusterAgent: # clusterAgent.admissionController.port -- Set port of cluster-agent admission controller service port: 8000 + agentSidecarInjection: + # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. + + ## When enabled, the admission controller mutating webhook will inject an Agent sidecar with minimal configuration in every pod meeting the configured criteria. + enabled: false + + # clusterAgent.admissionController.agentSidecarInjection.provider -- Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. + + ## Currently only "fargate" is supported. To use the feature in other environments (including local testing) omit the config. + ## ref: https://docs.datadoghq.com/integrations/eks_fargate + provider: + + # clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled -- Enable communication between Agent sidecars and the Cluster Agent. + clusterAgentCommunicationEnabled: true + + # clusterAgent.admissionController.containerRegistry -- Override the default registry for the sidecar Agent. + containerRegistry: + + # clusterAgent.admissionController.imageName -- Override the default agents.image.name for the Agent sidecar. + imageName: + + # clusterAgent.admissionController.imageTag -- Override the default agents.image.tag for the Agent sidecar. + imageTag: + + # clusterAgent.admissionController.agentSidecarInjection.selectors -- Defines the pod selector for sidecar injection, currently only one rule is supported. + selectors: [] + # - objectSelector: + # matchLabels: + # "podlabelKey1": podlabelValue1 + # "podlabelKey2": podlabelValue2 + # namespaceSelector: + # matchLabels: + # "nsLabelKey1": nsLabelValue1 + # "nsLabelKey2": nsLabelValue2 + + # clusterAgent.admissionController.agentSidecarInjection.profiles -- Defines the sidecar configuration override, currently only one profile is supported. + + ## This setting allows overriding the sidecar Agent configuration by adding environment variables and providing resource settings. + profiles: [] + # - env: + # - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + # value: "true" + # resources: + # requests: + # cpu: "1" + # memory: "512Mi" + # limits: + # cpu: "2" + # memory: "1024Mi" + # clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d. ## ref: https://docs.datadoghq.com/agent/autodiscovery/ diff --git a/test/common/common.go b/test/common/common.go index 07d25354d..c060ae173 100644 --- a/test/common/common.go +++ b/test/common/common.go @@ -37,7 +37,7 @@ func RenderChart(t *testing.T, cmd HelmCommand) (string, error) { ValuesFiles: cmd.Values, } - output, err := helm.RenderTemplateE(t, options, chartPath, cmd.ReleaseName, cmd.ShowOnly) + output, err := helm.RenderTemplateE(t, options, chartPath, cmd.ReleaseName, cmd.ShowOnly, "--debug") return output, err } @@ -80,6 +80,12 @@ func CreateSecretFromEnv(t *testing.T, kubectlOptions *k8s.KubectlOptions, apiKe } } +func ReadFile(t *testing.T, filepath string) string { + fileContent, err := os.ReadFile(filepath) + require.NoError(t, err, "can't load manifest from file", "path", filepath) + return string(fileContent) +} + func LoadFromFile[T any](t *testing.T, filepath string, destObj *T) string { fileContent, err := os.ReadFile(filepath) require.NoError(t, err, "can't load manifest from file", "path", filepath) diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml new file mode 100644 index 000000000..7aa229602 --- /dev/null +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -0,0 +1,181 @@ +--- +# Source: datadog/templates/agent-clusterchecks-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: clusterchecks-agent + +spec: + replicas: 2 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-clusterchecks + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" + app: datadog-clusterchecks + + name: datadog-clusterchecks + annotations: + checksum/clusteragent_token: 999b326e98e9596150bcbfd45becfdc4695634b0d8198c59d43ce7043ac9a611 + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-checks + automountServiceAccountToken: true + imagePullSecrets: + [] + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: + {} + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.51.0" + command: ["bash", "-c"] + args: + - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: KUBERNETES + value: "yes" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + + resources: + {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumes: + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the runners on different nodes if possible + # for better checks stability in case of node failure. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..7668108cb --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -0,0 +1,239 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: cb4b859f7f7c7e495dcca4e6471a201cf8c7eb77134fbcaaf27e5a5b5ef1b9b8 + checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 + checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml new file mode 100644 index 000000000..80702f39b --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -0,0 +1,253 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: cc4689bbc5f524d4080b164c621500d7f830d0aeef415c86a3535e76883577a3 + checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 + checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.52.0 + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml new file mode 100644 index 000000000..c6d81039a --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -0,0 +1,249 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 20307ad626ccec1c8abc4b8c42089120fea2bcbc8d51ad48f052fc9d7f1ac62e + checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 + checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.51.0 + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml new file mode 100644 index 000000000..7a7c56497 --- /dev/null +++ b/test/datadog/baseline/daemonset_default.yaml @@ -0,0 +1,475 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: de10bbc694d3c44c7863afc67c2921c921466f00bae249eddfd43d06f0e40e83 + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + - name: process-agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] + resources: + {} + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + initContainers: + + - name: init-volume + + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - name: s6-run + emptyDir: {} + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml new file mode 100644 index 000000000..b78f8c31b --- /dev/null +++ b/test/datadog/baseline/other_default.yaml @@ -0,0 +1,1674 @@ +--- +# Source: datadog/templates/agent-clusterchecks-pdb.yaml +apiVersion: "policy/v1" +kind: PodDisruptionBudget +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: datadog-clusterchecks +--- +# Source: datadog/templates/cluster-agent-pdb.yaml +apiVersion: "policy/v1" +kind: PodDisruptionBudget +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + minAvailable: 1 + selector: + matchLabels: + app: datadog-cluster-agent +--- +# Source: datadog/templates/agent-clusterchecks-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app: "datadog" + chart: "datadog-3.58.2" + heritage: "Helm" + release: "datadog" + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + app: "datadog" + chart: "datadog-3.58.2" + heritage: "Helm" + release: "datadog" + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" # end range $role := .Values.datadog.secretBackend.roles +--- +# Source: datadog/templates/secret-cluster-agent-token.yaml +apiVersion: v1 +kind: Secret +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +type: Opaque +data: + token: "TkNSTkV5UlJqdjhHV0NWcmduMmRBaWdqTUw2WmdsV2g=" +--- +# Source: datadog/templates/cluster-agent-confd-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-cluster-agent-confd + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + annotations: + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a +data: + kubernetes_state_core.yaml.default: |- + cluster_check: true + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + skip_leader_election: true + labels_as_tags: + {} + annotations_as_tags: + {} +--- +# Source: datadog/templates/install_info-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-installinfo + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + annotations: + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 +data: + install_info: | + --- + install_method: + tool: helm + tool_version: Helm + installer_version: datadog-3.58.2 +--- +# Source: datadog/templates/kpi-telemetry-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +data: + install_id: "fd55046d-8dfc-47a6-9fb7-20088a93ea58" + install_type: k8s_manual + install_time: "1710950775" +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list +- apiGroups: + - "autoscaling" + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadogtoken # Kubernetes event collection state + - datadogtoken # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadog-leader-election # Leader election token + - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + resourceNames: + - datadog-leader-election # Leader election token + verbs: + - get + - update +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create +- apiGroups: # To create the leader election token and hpa events + - "" + resources: + - configmaps + - events + verbs: + - create +- nonResourceURLs: + - "/version" + - "/healthz" + verbs: + - get +- apiGroups: # to get the kube-system namespace UID and generate a cluster ID + - "" + resources: + - namespaces + resourceNames: + - "kube-system" + verbs: + - get +- apiGroups: # To create the cluster-id configmap + - "" + resources: + - configmaps + resourceNames: + - "datadog-cluster-id" + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch +- apiGroups: + - "apps" + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch +- apiGroups: + - "batch" + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch +- apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - "datadog-webhook" + verbs: ["get", "list", "watch", "update"] +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: ["create"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get"] +- apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] + verbs: ["get"] +- apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog-cluster-agent + - hostnetwork +--- +# Source: datadog/templates/kube-state-metrics-core-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +# Source: datadog/templates/rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + name: datadog + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +rules: +- nonResourceURLs: + - "/metrics" + - "/metrics/slis" + verbs: + - get +- apiGroups: # Kubelet connectivity + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get +- apiGroups: # leader election check + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog + - hostaccess + - privileged +- apiGroups: # leader election check + - "coordination.k8s.io" + resources: + - leases + verbs: + - get +--- +# Source: datadog/templates/agent-clusterchecks-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-checks +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/kube-state-metrics-core-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + name: datadog + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: Role +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update", "create"] +--- +# Source: datadog/templates/dca-helm-values-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: Role +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: RoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: "datadog-cluster-agent-main" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/dca-helm-values-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: RoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + type: ClusterIP + selector: + app: datadog-cluster-agent + ports: + - port: 5005 + name: agentport + protocol: TCP +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service +metadata: + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent + labels: + app: "datadog" + chart: "datadog-3.58.2" + release: "datadog" + heritage: "Helm" + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + selector: + app: datadog-cluster-agent + ports: + - port: 443 + targetPort: 8000 + name: datadog-webhook + protocol: TCP +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service + +metadata: + name: datadog + namespace: datadog-agent + labels: + app: "datadog" + chart: "datadog-3.58.2" + release: "datadog" + heritage: "Helm" + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + selector: + app: datadog + ports: + - protocol: UDP + port: 8125 + targetPort: 8125 + name: dogstatsdport + - protocol: TCP + port: 8126 + targetPort: 8126 + name: traceport + internalTrafficPolicy: Local +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: d1284848a462e5feb13cfbc55a8d3eb48c477b6916832a592867cb5a4a9e4969 + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "endpointschecks" + + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + - name: process-agent + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] + resources: + {} + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + initContainers: + + - name: init-volume + + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - name: s6-run + emptyDir: {} + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +# Source: datadog/templates/agent-clusterchecks-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: clusterchecks-agent + +spec: + replicas: 2 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-clusterchecks + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" + app: datadog-clusterchecks + + name: datadog-clusterchecks + annotations: + checksum/clusteragent_token: d56cd35d2ed589e9817382c6d02cf18a1d24772863e156f83e78a038ee24b51d + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-checks + automountServiceAccountToken: true + imagePullSecrets: + [] + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.51.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: + {} + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.51.0" + command: ["bash", "-c"] + args: + - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: KUBERNETES + value: "yes" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + + resources: + {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumes: + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the runners on different nodes if possible + # for better checks stability in case of node failure. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.58.2' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 9f86485d7f07627ccbd29f3ad3996ceb1fa57403f055c1b15e7c6919f944a2c1 + checksum/clusteragent-configmap: 4bd988547c8c6cc1f177d466bee234b3d51f96bd8f1177244bd0cca5cdea8082 + checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.51.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_DURATION + value: "15" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go new file mode 100644 index 000000000..8118d5128 --- /dev/null +++ b/test/datadog/baseline_test.go @@ -0,0 +1,195 @@ +package datadog + +import ( + "bufio" + "io" + "strings" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/yaml" +) + +func Test_baseline_manifests(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + baselineManifestPath string + assertions func(t *testing.T, baselineManifestPath, manifest string) + }{ + { + name: "Daemonset default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + }, + }, + baselineManifestPath: "./baseline/daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "DCA Deployment default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default.yaml", + assertions: verifyDeployment, + }, + { + name: "DCA Deployment default with minimal AC sidecar injection", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml", + assertions: verifyDeployment, + }, + { + name: "DCA Deployment default with advanced AC sidecar injection", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml", + assertions: verifyDeployment, + }, + { + name: "CLC Deployment default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/agent-clusterchecks-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", + "datadog.clusterChecks.enabled": "true", + "clusterChecksRunner.enabled": "true", + }}, + baselineManifestPath: "./baseline/agent-clusterchecks-deployment_default.yaml", + assertions: verifyDeployment, + }, + { + name: "Other resources, skips Deployment, DaemonSet, Secret; creates PDBs", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", + "datadog.clusterChecks.enabled": "true", + "clusterChecksRunner.enabled": "true", + // Create PDB for DCA and CLC + "clusterAgent.createPodDisruptionBudget": "true", + "clusterChecksRunner.createPodDisruptionBudget": "true", + }}, + baselineManifestPath: "./baseline/other_default.yaml", + assertions: verifyUntypedResources, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + t.Log("update baselines", common.UpdateBaselines) + if common.UpdateBaselines { + common.WriteToFile(t, tt.baselineManifestPath, manifest) + } + tt.assertions(t, tt.baselineManifestPath, manifest) + }) + } +} + +func verifyDaemonset(t *testing.T, baselineManifestPath, manifest string) { + verifyBaseline(t, baselineManifestPath, manifest, appsv1.DaemonSet{}, appsv1.DaemonSet{}) +} + +func verifyDeployment(t *testing.T, baselineManifestPath, manifest string) { + verifyBaseline(t, baselineManifestPath, manifest, appsv1.Deployment{}, appsv1.Deployment{}) +} + +func verifyBaseline[T any](t *testing.T, baselineManifestPath, manifest string, baseline, actual T) { + common.Unmarshal(t, manifest, &actual) + common.LoadFromFile(t, baselineManifestPath, &baseline) + + // Exclude + // - "helm.sh/chart" label + // - checksum annotations + // - Image + // to avoid frequent baseline update and CI failures. + ops := make(cmp.Options, 0) + ops = append(ops, cmpopts.IgnoreMapEntries(func(k, v string) bool { + return k == "helm.sh/chart" || k == "checksum/clusteragent_token" || strings.Contains(k, "checksum") + })) + ops = append(ops, cmpopts.IgnoreFields(corev1.Container{}, "Image")) + + assert.True(t, cmp.Equal(baseline, actual, ops), cmp.Diff(baseline, actual)) +} + +func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { + baselineManifest := common.ReadFile(t, baselineManifestPath) + + rB := bufio.NewReader(strings.NewReader(baselineManifest)) + baselineReader := yaml.NewYAMLReader(rB) + rA := bufio.NewReader(strings.NewReader(actual)) + expectedReader := yaml.NewYAMLReader(rA) + + for { + baselineResource, errB := baselineReader.Read() + actualResource, errA := expectedReader.Read() + if errB == io.EOF || errA == io.EOF { + break + } + require.NoError(t, errB, "couldn't read resource from manifest", baselineManifest) + require.NoError(t, errA, "couldn't read resource from manifest", actual) + + // unmarshal as map since this can be any resource + var expected, actual map[string]interface{} + yaml.Unmarshal(baselineResource, &expected) + yaml.Unmarshal(actualResource, &actual) + + assert.Equal(t, expected["kind"], actual["kind"]) + kind := expected["kind"] + if kind == "Deployment" || kind == "DaemonSet" || kind == "Secret" { + continue + } + + ops := make(cmp.Options, 0) + ops = append(ops, cmpopts.IgnoreMapEntries(func(k string, v any) bool { + // skip these as these change frequently + t.Log(k, v) + return k == "helm.sh/chart" || k == "token" || strings.Contains(k, "checksum") || + k == "Image" || k == "install_id" || k == "install_time" + })) + + assert.True(t, cmp.Equal(expected, actual, ops), cmp.Diff(expected, actual)) + } +} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go new file mode 100644 index 000000000..91fda3b03 --- /dev/null +++ b/test/datadog/dca_AC_sidecar_test.go @@ -0,0 +1,162 @@ +package datadog + +import ( + "encoding/json" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + DDSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" + DDSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" + DDSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" + DDSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" + DDSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" + DDSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" + DDSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" + DDSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" +) + +func Test_admissionControllerConfig(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "AC sidecar injection, minimal Fargate config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{ + // "clusterAgent.admissionController.enabled": "true", + // "clusterAgent.admissionController.agentSidecarInjection.enabled": "true", + }, + }, + assertions: verifyDeploymentFargateMinimal, + }, + { + name: "AC sidecar injection, advanced config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, + }, + assertions: verifyDeploymentAdvancedConfig, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +// V1 structs are for the current scope +type Selector struct { + ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty"` +} + +type ProfileOverride struct { + EnvVars []corev1.EnvVar `json:"env,omitempty"` + ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"` +} + +func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecarEnabled]) + assert.Equal(t, "true", acConfigEnv[DDSidecarClusterAgentEnabled]) + assert.Equal(t, "fargate", acConfigEnv[DDSidecarProvider]) + // Default will be set by DCA + assert.Empty(t, acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + assert.Equal(t, "7.51.0", acConfigEnv[DDSidecarImageTag]) + assert.Empty(t, acConfigEnv[DDSidecarSelectors]) + assert.Empty(t, acConfigEnv[DDSidecarProfiles]) +} + +func verifyDeploymentAdvancedConfig(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecarEnabled]) + assert.Equal(t, "false", acConfigEnv[DDSidecarClusterAgentEnabled]) + assert.Empty(t, acConfigEnv[DDSidecarProvider]) + assert.Equal(t, "gcr.io/datadoghq", acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + assert.Equal(t, "7.52.0", acConfigEnv[DDSidecarImageTag]) + assert.NotEmpty(t, acConfigEnv[DDSidecarSelectors]) + assert.NotEmpty(t, acConfigEnv[DDSidecarProfiles]) + + selectorsAsString := acConfigEnv[DDSidecarSelectors] + profilesAsString := acConfigEnv[DDSidecarProfiles] + + var selectors []Selector + err := json.Unmarshal([]byte(selectorsAsString), &selectors) + assert.Nil(t, err) + selector := selectors[0] + assert.Equal(t, "nodeless", selector.ObjectSelector.MatchLabels["runsOn"]) + assert.Equal(t, "nginx", selector.ObjectSelector.MatchLabels["app"]) + assert.Equal(t, "true", selector.NamespaceSelector.MatchLabels["agentSidecars"]) + + var profiles []ProfileOverride + err = json.Unmarshal([]byte(profilesAsString), &profiles) + assert.Nil(t, err) + profile := profiles[0] + assert.Equal(t, "DD_ORCHESTRATOR_EXPLORER_ENABLED", profile.EnvVars[0].Name) + assert.Equal(t, "false", profile.EnvVars[0].Value) + assert.Equal(t, "DD_TAGS", profile.EnvVars[1].Name) + // Agent expects space-separated pairs + assert.Equal(t, "key1:value1 key2:value2", profile.EnvVars[1].Value) + assert.Equal(t, "1", profile.ResourceRequirements.Requests.Cpu().String()) + assert.Equal(t, "512Mi", profile.ResourceRequirements.Requests.Memory().String()) + assert.Equal(t, "2", profile.ResourceRequirements.Limits.Cpu().String()) + assert.Equal(t, "1Gi", profile.ResourceRequirements.Limits.Memory().String()) +} + +func selectEnvVars(envVars []corev1.EnvVar) map[string]string { + acConfoigNames := []string{ + DDSidecarEnabled, + DDSidecarClusterAgentEnabled, + DDSidecarProvider, + DDSidecarRegistry, + DDSidecarImageName, + DDSidecarImageTag, + DDSidecarSelectors, + DDSidecarProfiles, + } + + selection := map[string]string{} + + for _, envVar := range envVars { + for _, name := range acConfoigNames { + if envVar.Name == name { + selection[name] = envVar.Value + } + } + } + return selection +} diff --git a/test/datadog/manifests/dca_AC_sidecar_advanced.yaml b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml new file mode 100644 index 000000000..10404420b --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml @@ -0,0 +1,31 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + agentSidecarInjection: + enabled: true + clusterAgentCommunicationEnabled: false + containerRegistry: gcr.io/datadoghq + imageName: agent + imageTag: 7.52.0 + selectors: + - objectSelector: + matchLabels: + "runsOn": nodeless + "app": nginx + namespaceSelector: + matchLabels: + agentSidecars: "true" + profiles: + - env: + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "false" + - name: DD_TAGS + value: "key1:value1 key2:value2" + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "2" + memory: "1024Mi" \ No newline at end of file diff --git a/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml new file mode 100644 index 000000000..9dbd3a20a --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml @@ -0,0 +1,8 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + clusterAgentCommunicationEnabled: false + agentSidecarInjection: + enabled: true + provider: fargate diff --git a/test/datadog/testmain_test.go b/test/datadog/testmain_test.go new file mode 100644 index 000000000..8610597a8 --- /dev/null +++ b/test/datadog/testmain_test.go @@ -0,0 +1,13 @@ +package datadog + +import ( + "os" + "testing" + + "github.com/DataDog/helm-charts/test/common" +) + +func TestMain(m *testing.M) { + common.ParseArgs() + os.Exit(m.Run()) +} From 8efd7d0abfa539a42c3326229472653ca70bb4ce Mon Sep 17 00:00:00 2001 From: Vincent Boulineau <58430298+vboulineau@users.noreply.github.com> Date: Thu, 21 Mar 2024 18:58:41 +0100 Subject: [PATCH 026/209] Disable language detection reporting by default (#1353) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_components-common-env.yaml | 3 +++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 4932323ff..b0010380d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.59.2 + +* Disable language detection reporting by default in Cluster Agent with Agent 7.52+. + ## 3.59.1 * Add support for configuring Agent sidecar injection using Admission Controller. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b5c5789de..c873e7476 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.1 +version: 3.59.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 68efd72a5..a2f793cea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.1](https://img.shields.io/badge/Version-3.59.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.2](https://img.shields.io/badge/Version-3.59.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index cfd5dc580..3c67bd01c 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -1,6 +1,9 @@ # The purpose of this template is to define a minimal set of environment # variables shared between components: agent, cluster-agent {{- define "components-common-env" -}} +# Workaround for issue in `7.52.0` default activating language detection +- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND value: {{ .Values.datadog.secretBackend.command | quote }} From 2d46d28e6e598153793a475f3324343caf258395 Mon Sep 17 00:00:00 2001 From: Katia SHANG <59337250+SKYWy@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:09:50 +0100 Subject: [PATCH 027/209] Update PL version to 1.46.0 (#1356) Signed-off-by: Katia SHANG --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index dfc1852b8..08874938c 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.28 + +* Update private location image version to `1.46.0`. + ## 0.15.27 * Update private location image version to `1.45.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 28ae39435..0624190b8 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.27 -appVersion: 1.45.0 +version: 0.15.28 +appVersion: 1.46.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 0fdcf183f..b27a9cbae 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.27](https://img.shields.io/badge/Version-0.15.27-informational?style=flat-square) ![AppVersion: 1.45.0](https://img.shields.io/badge/AppVersion-1.45.0-informational?style=flat-square) +![Version: 0.15.28](https://img.shields.io/badge/Version-0.15.28-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.45.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.46.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index cbc1b2869..48d0e8ca3 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.45.0 + tag: 1.46.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 9cdfcd3665104e9a1169ffeaf1a36b1c38759696 Mon Sep 17 00:00:00 2001 From: Benoit Ruiz Date: Wed, 27 Mar 2024 14:02:49 +0100 Subject: [PATCH 028/209] [synthetics] Auto set env var when enableStatusProbes is true (#1354) * [synthetics] Auto set env var when enableStatusProbes is true * [synthetics] Add missing quotes --- .../synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 2 +- .../templates/deployment.yaml | 18 ++++++++++++------ 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 08874938c..4a81e4e0d 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.29 + +* Update Kubernetes deployment template to set `DATADOG_WORKER_ENABLE_STATUS_PROBES` environment variable when `enableStatusProbes` value is defined. + ## 0.15.28 * Update private location image version to `1.46.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 0624190b8..56d140de5 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.28 +version: 0.15.29 appVersion: 1.46.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index b27a9cbae..e5416c54d 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.28](https://img.shields.io/badge/Version-0.15.28-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) +![Version: 0.15.29](https://img.shields.io/badge/Version-0.15.29-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 0926e953c..99c0614a9 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -65,14 +65,20 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} -{{- if .Values.envFrom }} + {{- if .Values.envFrom }} envFrom: -{{ toYaml .Values.envFrom | indent 12 }} -{{- end }} -{{- if .Values.env }} + {{ toYaml .Values.envFrom | indent 12 }} + {{- end }} + {{- if or (.Values.env) (.Values.enableStatusProbes) }} env: -{{ toYaml .Values.env | indent 12 }} -{{- end }} + {{- if .Values.enableStatusProbes }} + - name: DATADOG_WORKER_ENABLE_STATUS_PROBES + value: {{ .Values.enableStatusProbes | quote }} + {{- end }} + {{- if .Values.env }} + {{ toYaml .Values.env | indent 12 }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 3edb1599d4243fccb73630c52a8a4e9a0f0139b0 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Wed, 27 Mar 2024 17:23:56 -0400 Subject: [PATCH 029/209] Add crds for operator 1.5.0 (#1359) --- charts/datadog-crds/CHANGELOG.md | 3 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 3 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 116 ++++++++++ ...oghq.com_datadogagentprofiles_v1beta1.yaml | 117 ++++++++++ .../datadoghq.com_datadogagents_v1.yaml | 110 ++++++++++ .../datadoghq.com_datadogagents_v1beta1.yaml | 110 ++++++++++ .../datadoghq.com_datadogmonitors_v1.yaml | 3 + ...datadoghq.com_datadogmonitors_v1beta1.yaml | 3 + .../datadoghq.com_datadogslos_v1beta1.yaml | 206 ++++++++++++++++++ charts/datadog-crds/update-crds.sh | 3 + charts/datadog-crds/values.yaml | 2 + crds/datadoghq.com_datadogagentprofiles.yaml | 109 +++++++++ crds/datadoghq.com_datadogagents.yaml | 110 ++++++++++ crds/datadoghq.com_datadogmonitors.yaml | 3 + 15 files changed, 898 insertions(+), 2 deletions(-) create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml create mode 100644 crds/datadoghq.com_datadogagentprofiles.yaml diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 4df1b2ae0..06fc73759 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.5.0 +* Update CRDs from Datadog Operator v1.5.0 tag. + ## 1.4.0 * Update CRDs from Datadog Operator v1.4.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 366d72bb1..498e65d47 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.4.0 +version: 1.5.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 8cf2d9663..d139c5c01 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -22,6 +22,7 @@ But the recommended Kubernetes versions are `1.16+`. | Key | Type | Default | Description | |-----|------|---------|-------------| +| crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml new file mode 100644 index 000000000..b8d5cb075 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -0,0 +1,116 @@ +{{- if and .Values.crds.datadogAgentProfiles (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogagentprofiles.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + type: object + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml new file mode 100644 index 000000000..435cde5bd --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml @@ -0,0 +1,117 @@ +{{- if and .Values.crds.datadogAgentProfiles (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogagentprofiles.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + type: object + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index a9195ca47..25a240bd9 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -5919,6 +5919,25 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -6128,6 +6147,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6414,6 +6444,86 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index a27df90f4..15bf1efd0 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -5908,6 +5908,25 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -6117,6 +6136,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6403,6 +6433,86 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index be9c6e3f4..3b7f85b5d 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -107,6 +107,9 @@ spec: notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml index 0f483ae1a..e432c53d9 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml @@ -107,6 +107,9 @@ spec: notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml new file mode 100644 index 000000000..b8c23d948 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml @@ -0,0 +1,206 @@ +{{- if and .Values.crds.datadogSLOs (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + additionalPrinterColumns: + - JSONPath: .status.id + name: id + type: string + - JSONPath: .status.syncStatus + name: sync status + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. + type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. + format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index c1ff364ce..a0f5be4e9 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -59,4 +59,7 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents data download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1beta1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 696f33411..3151e3d94 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -11,6 +11,8 @@ crds: datadogMonitors: false # crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false + # crds.datadogAgentProfiles -- Set to true to deploy the DatadogAgentProfiles CRD + datadogAgentProfiles: false migration: datadogAgents: diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml new file mode 100644 index 000000000..b0e817ecf --- /dev/null +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -0,0 +1,109 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogagentprofiles.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + type: object + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index 81a1e415b..9307755ff 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -5893,6 +5893,25 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -6102,6 +6121,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6388,6 +6418,86 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 682ab8d51..7aa61c60d 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -101,6 +101,9 @@ spec: notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 From baf5c684ffb36e0226bd247ed510d4c063b40eb5 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Thu, 28 Mar 2024 14:40:26 -0400 Subject: [PATCH 030/209] [PROCS-3871] Add contimage and contlcycle endpoints to Cilium network policy (#1355) * Add contimage and contlcycle endpoints * Update chart version and changelog * Update CHANGELOG.md --------- Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 3 +++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/agent-cilium-network-policy.yaml | 4 ++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b0010380d..246948338 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,8 @@ # Datadog changelog +## 3.59.3 +* Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. + ## 3.59.2 * Disable language detection reporting by default in Cluster Agent with Agent 7.52+. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index c873e7476..05955a62f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.2 +version: 3.59.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a2f793cea..868acbf94 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.2](https://img.shields.io/badge/Version-3.59.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.3](https://img.shields.io/badge/Version-3.59.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/agent-cilium-network-policy.yaml b/charts/datadog/templates/agent-cilium-network-policy.yaml index 7e7a4c09a..480ac0a7e 100644 --- a/charts/datadog/templates/agent-cilium-network-policy.yaml +++ b/charts/datadog/templates/agent-cilium-network-policy.yaml @@ -89,6 +89,8 @@ specs: - matchName: "api.{{ $.Values.datadog.site }}" - matchName: "agent-intake.logs.{{ $.Values.datadog.site }}" - matchName: "agent-http-intake.logs.{{ $.Values.datadog.site }}" + - matchName: "contimage-intake.{{ $.Values.datadog.site }}" + - matchName: "contlcycle-intake.{{ $.Values.datadog.site }}" - matchName: "process.{{ $.Values.datadog.site }}" - matchName: "orchestrator.{{ $.Values.datadog.site }}" - matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}" @@ -105,6 +107,8 @@ specs: - matchName: "api.datadoghq.com" - matchName: "agent-intake.logs.datadoghq.com" - matchName: "agent-http-intake.logs.datadoghq.com" + - matchName: "contimage-intake.datadoghq.com" + - matchName: "contlcycle-intake.datadoghq.com" - matchName: "process.datadoghq.com" - matchName: "orchestrator.datadoghq.com" - matchName: "instrumentation-telemetry-intake.datadoghq.com" From fb82af4ef67821c84a25300c9344365ebc859ad4 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Thu, 28 Mar 2024 16:12:07 -0400 Subject: [PATCH 031/209] Add Operator 1.5.0 (#1360) * Operator 1.5.0 * Only run operator tests when modifying operator chart --- .github/workflows/go-test.yaml | 2 +- Makefile | 8 ++ charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 7 +- charts/datadog-operator/README.md.gotmpl | 2 +- .../templates/clusterrole.yaml | 34 ++++++ .../templates/deployment.yaml | 3 + charts/datadog-operator/values.yaml | 5 +- .../baseline/DatadogAgent_CRD_default.yaml | 112 +++++++++++++++++- .../DatadogAgent_CRD_with_certManager.yaml | 112 +++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 7 +- .../Operator_Deployment_with_certManager.yaml | 7 +- .../operator_deployment_test.go | 2 +- 15 files changed, 296 insertions(+), 21 deletions(-) diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 37f4f9816..28dbbd836 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -31,7 +31,7 @@ jobs: - name: run Go tests run: | helm dependency build ./charts/datadog-operator - make unit-test + make unit-test-operator integ-tests: if: ${{github.event.pull_request.head.repo.full_name == github.repository }} diff --git a/Makefile b/Makefile index 4c6a14b4d..ed8bc8441 100644 --- a/Makefile +++ b/Makefile @@ -48,10 +48,18 @@ vet: unit-test: go test -C test ./... -count=1 +.PHONY: unit-test-operator +unit-test-operator: + go test -C test ./datadog-operator -count=1 + .PHONY: update-test-baselines update-test-baselines: go test -C test ./... -count=1 -args -updateBaselines=true +.PHONY: update-test-baselines-operator +update-test-baselines-operator: + go test -C test ./datadog-operator -count=1 -args -updateBaselines=true + .PHONY: integration-test integration-test: go test -C test/integ --tags=integration -count=1 -v diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index eb566f658..53cf3c005 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.6.0 + +* Update Datadog Operator version to 1.5.0. + ## 1.5.2 * Add deprecation warning for `DatadogAgent` `v1alpha1` CRD version. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 6632b4a31..be00d4f6a 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.4.0 -digest: sha256:051b894b6d03a9a78919a1549b891592cb1aa82e59386c237b93241bdba7054c -generated: "2024-02-15T15:04:10.736131-05:00" + version: 1.5.0 +digest: sha256:0d4930313af68e7bb8e9074b782b5e09fd47201343f25f5bf0c01a3e0d920a47 +generated: "2024-03-28T13:57:10.146369-04:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index b61be3b7f..5b9e088fd 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.5.2 -appVersion: 1.4.0 +version: 1.6.0 +appVersion: 1.5.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.4.0" + version: "=1.5.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 6343ff3e0..1bca7e62d 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.5.2](https://img.shields.io/badge/Version-1.5.2-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) +![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) ## Values @@ -14,6 +14,7 @@ | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | +| datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | @@ -30,7 +31,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.4.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.5.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | @@ -121,7 +122,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.4.0 \ + --set image.tag=1.5.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index 1a869be84..e7c017ca9 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.4.0 \ + --set image.tag=1.5.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 2699c37c7..15bbfb51b 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -696,4 +696,38 @@ rules: verbs: - list - watch +{{- if .Values.enableDatadogAgentProfile }} +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +- apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles/finalizers + verbs: + - update +{{- end }} {{- end -}} diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 0c2b45f7f..e8908b26f 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -110,6 +110,9 @@ spec: {{- end }} {{- if (semverCompare ">=1.4.0" .Values.image.tag) }} - "-introspectionEnabled={{ .Values.introspection.enabled }}" + {{- end }} + {{- if (semverCompare ">=1.5.0" .Values.image.tag) }} + - "-datadogAgentProfileEnabled={{ .Values.datadogAgentProfile.enabled }}" {{- end }} - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index af9863a35..415edfacd 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -43,7 +43,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.4.0 + tag: 1.5.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) @@ -61,6 +61,9 @@ maximumGoroutines: introspection: # introspection.enabled -- If true, enables introspection feature (beta). Requires v1.4.0+ enabled: false +datadogAgentProfile: +# datadogAgentProfile.enabled -- If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ + enabled: false # supportExtendedDaemonset -- If true, supports using ExtendedDaemonSet CRD supportExtendedDaemonset: "false" # operatorMetricsEnabled -- Enable forwarding of Datadog Operator metrics and events to Datadog. diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 5ffe8dc97..ea788ad08 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.4.0' + helm.sh/chart: 'datadogCRDs-1.5.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -5898,6 +5898,25 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -6107,6 +6126,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6393,6 +6423,86 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index f068d8f7c..d3baadaec 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.4.0' + helm.sh/chart: 'datadogCRDs-1.5.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -5909,6 +5909,25 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -6118,6 +6137,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6404,6 +6434,86 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index ce97f5c1b..cd87f7825 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.2 + helm.sh/chart: datadog-operator-1.6.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/version: "1.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.4.0" + image: "gcr.io/datadoghq/operator:1.5.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -54,6 +54,7 @@ spec: - "-operatorMetricsEnabled=true" - "-webhookEnabled=false" - "-introspectionEnabled=false" + - "-datadogAgentProfileEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 4c159d5ef..00c01a31b 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.5.2 + helm.sh/chart: datadog-operator-1.6.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/version: "1.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.4.0" + image: "gcr.io/datadoghq/operator:1.5.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -54,6 +54,7 @@ spec: - "-operatorMetricsEnabled=true" - "-webhookEnabled=true" - "-introspectionEnabled=false" + - "-datadogAgentProfileEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 9de730c85..d63271e42 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -130,7 +130,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.4.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.5.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") } From 8ff35e37a5e9ba6e9fbe076a6955343e8a890bde Mon Sep 17 00:00:00 2001 From: Adel Haj Hassan <41540817+adel121@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:58:28 +0200 Subject: [PATCH 032/209] add language detection apm config (#1338) * add language detection apm config * use helper function to know if language detection should be enabled or not --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_components-common-env.yaml | 5 +++-- .../datadog/templates/_container-process-agent.yaml | 2 ++ charts/datadog/templates/_helpers.tpl | 11 +++++++++++ .../datadog/templates/cluster-agent-deployment.yaml | 2 ++ charts/datadog/templates/cluster-agent-rbac.yaml | 11 +++++++++++ charts/datadog/values.yaml | 7 +++++++ 9 files changed, 43 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 246948338..03a2449cf 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.59.4 + +* Add language detection enable option for `APM` instrumentation. + ## 3.59.3 * Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 05955a62f..90b281394 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.3 +version: 3.59.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 868acbf94..9089d89dd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.3](https://img.shields.io/badge/Version-3.59.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.4](https://img.shields.io/badge/Version-3.59.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -665,6 +665,7 @@ helm install \ | datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | | datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | | datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 3c67bd01c..6d6394895 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -1,9 +1,10 @@ # The purpose of this template is to define a minimal set of environment # variables shared between components: agent, cluster-agent {{- define "components-common-env" -}} -# Workaround for issue in `7.52.0` default activating language detection +- name: DD_LANGUAGE_DETECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" + value: {{ include "language-detection-enabled" . | quote }} {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND value: {{ .Values.datadog.secretBackend.command | quote }} diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index b69179bbc..1fd312c5c 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -52,6 +52,8 @@ {{- end }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} + - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} {{- include "additional-env-entries" .Values.agents.containers.processAgent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.processAgent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 86fc75c98..78d6298f9 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -903,4 +903,15 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Return true if language detection feature is enabled +*/}} +{{- define "language-detection-enabled" -}} + {{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index cd7bd026f..e40075932 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -308,6 +308,8 @@ spec: - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: {{ .Values.datadog.orchestratorExplorer.container_scrubbing.enabled | quote }} {{- end }} + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: {{ include "language-detection-enabled" . | quote }} {{- if eq (include "should-enable-security-agent" .) "true" }} - name: DD_COMPLIANCE_CONFIG_ENABLED value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index a414f640f..d9e87ff5b 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -115,6 +115,17 @@ rules: - "get" - "watch" {{- end }} +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled }} +- apiGroups: + - "apps" + resources: + - deployments + verbs: + - list + - get + - watch + - patch +{{- end }} {{- if eq (include "should-enable-k8s-resource-monitoring" .) "true" }} - apiGroups: # to get the kube-system namespace UID and generate a cluster ID - "" diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f39b58904..9fad54d16 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -479,6 +479,13 @@ datadog: # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). libVersions: {} + + # Language detection currently only detects languages and adds them as annotations on deployments, but doesn't use these languages for injecting libraries to applicative pods. + # It requires Agent 7.52+ and Cluster Agent 7.52+ + language_detection: + # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). + enabled: true + ## OTLP ingest related configuration otlp: receiver: From 070c861829b08f2e11c30a6c64944572823afc2d Mon Sep 17 00:00:00 2001 From: Thomas McGinniss <60713608+tmcg-gusto@users.noreply.github.com> Date: Thu, 4 Apr 2024 01:54:54 -0600 Subject: [PATCH 033/209] [synthetics] Fix envFrom indentation in private location chart (#1361) Co-authored-by: Benoit Ruiz --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 2 +- charts/synthetics-private-location/templates/deployment.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 4a81e4e0d..71fb0cf72 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.30 + +* Fix `envFrom` indentation in Deployment template. + ## 0.15.29 * Update Kubernetes deployment template to set `DATADOG_WORKER_ENABLE_STATUS_PROBES` environment variable when `enableStatusProbes` value is defined. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 56d140de5..8b8c9c70c 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.29 +version: 0.15.30 appVersion: 1.46.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index e5416c54d..2e95e719b 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.29](https://img.shields.io/badge/Version-0.15.29-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) +![Version: 0.15.30](https://img.shields.io/badge/Version-0.15.30-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 99c0614a9..c8e729788 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -67,7 +67,7 @@ spec: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.envFrom }} envFrom: - {{ toYaml .Values.envFrom | indent 12 }} + {{- toYaml .Values.envFrom | nindent 12 }} {{- end }} {{- if or (.Values.env) (.Values.enableStatusProbes) }} env: From 61736e9132b9a44a268ae266bc45c99f78a7491e Mon Sep 17 00:00:00 2001 From: Benoit Ruiz Date: Thu, 4 Apr 2024 12:03:33 +0200 Subject: [PATCH 034/209] [synthetics] Fix indent for env in private location chart (#1363) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 2 +- charts/synthetics-private-location/templates/deployment.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 71fb0cf72..1cb26101d 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.31 + +* Fix `env` indentation in Deployment template. + ## 0.15.30 * Fix `envFrom` indentation in Deployment template. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 8b8c9c70c..3df6dcd83 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.30 +version: 0.15.31 appVersion: 1.46.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 2e95e719b..d333eb7f8 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.30](https://img.shields.io/badge/Version-0.15.30-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) +![Version: 0.15.31](https://img.shields.io/badge/Version-0.15.31-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index c8e729788..7e9d85d9e 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -76,7 +76,7 @@ spec: value: {{ .Values.enableStatusProbes | quote }} {{- end }} {{- if .Values.env }} - {{ toYaml .Values.env | indent 12 }} + {{- toYaml .Values.env | nindent 12 }} {{- end }} {{- end }} {{- with .Values.nodeSelector }} From 6b53175f695a5842e7649593e0c30bb77a1a1ce0 Mon Sep 17 00:00:00 2001 From: "D. McDaniel" <82239163+dmcdii@users.noreply.github.com> Date: Fri, 5 Apr 2024 08:12:24 -0400 Subject: [PATCH 035/209] Add `podLabels` value to allow setting labels that only appear on the pods managed by the deployment. (#1358) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 3 ++- charts/synthetics-private-location/templates/deployment.yaml | 3 +++ charts/synthetics-private-location/values.yaml | 3 +++ 5 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 1cb26101d..55d3c24f0 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.16.0 + +* Add `podLabels` value to allow setting labels that only appear on the pods managed by the deployment. + ## 0.15.31 * Fix `env` indentation in Deployment template. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 3df6dcd83..738b9d8bd 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.31 +version: 0.16.0 appVersion: 1.46.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index d333eb7f8..91cc816ac 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.31](https://img.shields.io/badge/Version-0.15.31-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) +![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -45,6 +45,7 @@ helm install datadog/synthetics-private-location --set-file confi | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | +| podLabels | object | `{}` | Labels to be placed on pods managed by the deployment | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | | priorityClassName | string | `""` | Allows to specify PriorityClass for Datadog Synthetics Private Location PODs | | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 7e9d85d9e..131754cb8 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -17,6 +17,9 @@ spec: {{- end }} labels: {{- include "synthetics-private-location.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{ if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy}} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 48d0e8ca3..8b3d8186b 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -52,6 +52,9 @@ extraVolumeMounts: [] # podAnnotations -- Annotations to set to Datadog Synthetics Private Location PODs podAnnotations: {} +# podLabels -- Labels to be placed on pods managed by the deployment +podLabels: {} + # podSecurityContext -- Security context to set to Datadog Synthetics Private Location PODs podSecurityContext: {} # fsGroup: 2000 From 4dc0e872e7286ca0d7b10c5c4dfa9a7517bfc1f2 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Wed, 10 Apr 2024 15:20:39 -0400 Subject: [PATCH 036/209] [datadog] Update agents to 7.52.1 (#1366) --- charts/datadog/CHANGELOG.md | 5 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 21 +-- ...loyment_default_advanced_AC_injection.yaml | 21 +-- ...ployment_default_minimal_AC_injection.yaml | 23 +-- test/datadog/baseline/daemonset_default.yaml | 40 ++++-- test/datadog/baseline/other_default.yaml | 135 ++++++++++-------- test/datadog/dca_AC_sidecar_test.go | 2 +- 11 files changed, 164 insertions(+), 111 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 03a2449cf..95bde5cd8 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,10 +1,15 @@ # Datadog changelog +## 3.59.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. + ## 3.59.4 * Add language detection enable option for `APM` instrumentation. ## 3.59.3 + * Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. ## 3.59.2 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 90b281394..7e7a1e9d2 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.4 +version: 3.59.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 9089d89dd..21233d4b6 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.4](https://img.shields.io/badge/Version-3.59.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.5](https://img.shields.io/badge/Version-3.59.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.52.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.52.1"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -582,7 +582,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.52.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.52.1"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -633,7 +633,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.52.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.52.1"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 9fad54d16..a42163717 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -898,7 +898,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.52.0 + tag: 7.52.1 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1376,7 +1376,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.52.0 + tag: 7.52.1 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1844,7 +1844,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.52.0 + tag: 7.52.1 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 7aa229602..ab5cdf9f0 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 999b326e98e9596150bcbfd45becfdc4695634b0d8198c59d43ce7043ac9a611 - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/clusteragent_token: 70ee659df0e52871e8d378fcc43eaf4c28f5740fcf630c044aa05ab172fff59e + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 7668108cb..15805c69e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cb4b859f7f7c7e495dcca4e6471a201cf8c7eb77134fbcaaf27e5a5b5ef1b9b8 - checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 - checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/clusteragent_token: 5aef8764f6b4aeb3bd45082ad9876bb29166947c57686982e07a831d07ec5c53 + checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 + checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent resources: {} @@ -86,7 +86,10 @@ spec: name: "datadog" key: api-key optional: true - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED @@ -148,6 +151,8 @@ spec: value: "true" - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 80702f39b..f365f4b8d 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cc4689bbc5f524d4080b164c621500d7f830d0aeef415c86a3535e76883577a3 - checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 - checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/clusteragent_token: 181ecf39c46a1dd44547d1584e61a5ab984fcfadc01b1a9951511de7be33b4ff + checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 + checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent resources: {} @@ -86,7 +86,10 @@ spec: name: "datadog" key: api-key optional: true - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED @@ -162,6 +165,8 @@ spec: value: "true" - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index c6d81039a..4efc71b97 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 20307ad626ccec1c8abc4b8c42089120fea2bcbc8d51ad48f052fc9d7f1ac62e - checksum/clusteragent-configmap: c4ebd3c35d77ac0260f47e1ec10c9733cd76488f4232f76f26466174b922b430 - checksum/api_key: 3c042e07978640da60c9adc10c03acb2e68c176d8f5ecc4c1c8d216051f476a5 + checksum/clusteragent_token: 2fa601d9e096c193a20fc2206befc84edbdb2d0734a436ba8756f1810ea38757 + checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 + checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent resources: {} @@ -86,7 +86,10 @@ spec: name: "datadog" key: api-key optional: true - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED @@ -116,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.51.0 + value: 7.52.1 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -158,6 +161,8 @@ spec: value: "true" - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 7a7c56497..93ef7a2db 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: de10bbc694d3c44c7863afc67c2921c921466f00bae249eddfd43d06f0e40e83 - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/clusteragent_token: cdc95023f8d20e02cbfbe7fccf9e3ace103429d80685b51e2c23f7ac155c3737 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -62,7 +62,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -177,7 +180,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -196,7 +199,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -280,7 +286,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -295,7 +301,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -324,7 +333,9 @@ spec: - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" + value: "true" + - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED + value: "false" volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -366,7 +377,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -379,7 +390,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: - bash @@ -412,7 +423,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index b78f8c31b..c3d65437c 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.58.2" + chart: "datadog-3.59.5" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.58.2" + chart: "datadog-3.59.5" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "TkNSTkV5UlJqdjhHV0NWcmduMmRBaWdqTUw2WmdsV2g=" + token: "dXY0UUNGYUswcGNMQnpHb1lRMDh0R2txOXlpZEdrVnc=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.58.2 + installer_version: datadog-3.59.5 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: - install_id: "fd55046d-8dfc-47a6-9fb7-20088a93ea58" + install_id: "dc5846eb-4b2c-4335-9991-87c478de108d" install_type: k8s_manual - install_time: "1710950775" + install_time: "1712612300" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -400,7 +400,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -496,7 +496,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -544,7 +544,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -564,7 +564,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -584,7 +584,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -605,7 +605,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -624,7 +624,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -641,7 +641,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -663,7 +663,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -684,7 +684,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -707,7 +707,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -729,10 +729,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.58.2" + chart: "datadog-3.59.5" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -755,10 +755,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.58.2" + chart: "datadog-3.59.5" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -784,7 +784,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -808,8 +808,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: d1284848a462e5feb13cfbc55a8d3eb48c477b6916832a592867cb5a4a9e4969 - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/clusteragent_token: 2eca1fa995f5cdf71fd464aa84a3b0376f3f7ecd1d6731b8fa18eeb9694b4579 + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -820,7 +820,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -840,7 +840,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -956,7 +959,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -975,7 +978,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -1059,7 +1065,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1074,7 +1080,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -1103,7 +1112,9 @@ spec: - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" + value: "true" + - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED + value: "false" volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -1145,7 +1156,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1158,7 +1169,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: - bash @@ -1191,7 +1202,10 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST @@ -1260,7 +1274,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1290,8 +1304,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d56cd35d2ed589e9817382c6d02cf18a1d24772863e156f83e78a038ee24b51d - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/clusteragent_token: 0f5813b5b82cfb158b2ce63357f1f87771c9c64cc9dec0ce8163eb3f86f1ed2b + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1299,7 +1313,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1311,7 +1325,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1324,7 +1338,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.51.0" + image: "gcr.io/datadoghq/agent:7.52.1" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1441,7 +1455,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.58.2' + helm.sh/chart: 'datadog-3.59.5' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1471,15 +1485,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 9f86485d7f07627ccbd29f3ad3996ceb1fa57403f055c1b15e7c6919f944a2c1 - checksum/clusteragent-configmap: 4bd988547c8c6cc1f177d466bee234b3d51f96bd8f1177244bd0cca5cdea8082 - checksum/install_info: 3c5d7a2732f453d72b241f37b74f59319bcbf51e387a8fc35dc47bc4a1a7a390 + checksum/clusteragent_token: 97694b10aa1860763a995809539a1dd0913868bc7eb396772d43907e3b577f53 + checksum/clusteragent-configmap: c3898339b22cb80ce6654e95096d254c8b01d95a7daebf0dd43d8bedb1a8e7da + checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent command: - cp @@ -1492,7 +1506,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.51.0" + image: "gcr.io/datadoghq/cluster-agent:7.52.1" imagePullPolicy: IfNotPresent resources: {} @@ -1519,7 +1533,10 @@ spec: name: "datadog-secret" key: api-key optional: true - + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" - name: KUBERNETES value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED @@ -1583,6 +1600,8 @@ spec: value: "true" - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go index 91fda3b03..07f63199f 100644 --- a/test/datadog/dca_AC_sidecar_test.go +++ b/test/datadog/dca_AC_sidecar_test.go @@ -90,7 +90,7 @@ func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { // Default will be set by DCA assert.Empty(t, acConfigEnv[DDSidecarRegistry]) assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) - assert.Equal(t, "7.51.0", acConfigEnv[DDSidecarImageTag]) + assert.Equal(t, "7.52.1", acConfigEnv[DDSidecarImageTag]) assert.Empty(t, acConfigEnv[DDSidecarSelectors]) assert.Empty(t, acConfigEnv[DDSidecarProfiles]) } From 85d3e6902870392c73ad0042ea4ceca7f080c9a8 Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Thu, 11 Apr 2024 14:40:56 -0400 Subject: [PATCH 037/209] [APM Telemetry] Allow skipping creating Configmap with parameters needed for APM KPIs (#1328) * [APM Telemetry] Allow skipping creating Configmap with parameters needed for APM KPIs * Update default values for KPI env vars * Represent int as a string to fix unmarshalling error --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/kpi-telemetry-configmap.yaml | 7 ++++++- charts/datadog/values.yaml | 3 +++ 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 95bde5cd8..8b370b337 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,8 +1,12 @@ # Datadog changelog +## 3.59.6 + +* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. + ## 3.59.5 -* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. +* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. ## 3.59.4 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7e7a1e9d2..50b75ef10 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.5 +version: 3.59.6 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 21233d4b6..189fac4ab 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.5](https://img.shields.io/badge/Version-3.59.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.6](https://img.shields.io/badge/Version-3.59.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -667,6 +667,7 @@ helm install \ | datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | | datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | +| datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | diff --git a/charts/datadog/templates/kpi-telemetry-configmap.yaml b/charts/datadog/templates/kpi-telemetry-configmap.yaml index 1ab531945..fe46598dc 100644 --- a/charts/datadog/templates/kpi-telemetry-configmap.yaml +++ b/charts/datadog/templates/kpi-telemetry-configmap.yaml @@ -6,6 +6,11 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} data: - install_id: {{ uuidv4 | quote }} install_type: k8s_manual + {{- if .Values.datadog.apm.instrumentation.skipKPITelemetry }} + install_id: "00000000-0000-0000-0000-000000000000" + install_time: "0" + {{- else }} + install_id: {{ uuidv4 | quote }} install_time: {{ now | unixEpoch | quote }} + {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index a42163717..348a1a93e 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -480,6 +480,9 @@ datadog: # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). libVersions: {} + # datadog.apm.instrumentation.skipKPITelemetry -- Disable generating Configmap for APM Instrumentation KPIs + skipKPITelemetry: false + # Language detection currently only detects languages and adds them as annotations on deployments, but doesn't use these languages for injecting libraries to applicative pods. # It requires Agent 7.52+ and Cluster Agent 7.52+ language_detection: From f0bb7f56eb6cff79c31dfe28bdcae141ee5180d6 Mon Sep 17 00:00:00 2001 From: Derek Gaffney <17263955+gaffneyd4@users.noreply.github.com> Date: Tue, 16 Apr 2024 03:57:44 -0400 Subject: [PATCH 038/209] Fix CHANGELOG for 3.59.5 (#1374) Adding back changelog message accidentally removed in pull #1328 --- charts/datadog/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8b370b337..829c04507 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -6,7 +6,7 @@ ## 3.59.5 -* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. +* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. ## 3.59.4 From c4a3fac91154b2dc085a9ce5cabcebeb1f3e6a1f Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Tue, 16 Apr 2024 10:22:34 +0200 Subject: [PATCH 039/209] [s8s] Private Location 1.47.0 (#1372) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 55d3c24f0..2651f5475 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.16.1 + +* Update private location image version to `1.47.0`. + ## 0.16.0 * Add `podLabels` value to allow setting labels that only appear on the pods managed by the deployment. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 738b9d8bd..6af29097b 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.16.0 -appVersion: 1.46.0 +version: 0.16.1 +appVersion: 1.47.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 91cc816ac..6aee94058 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![AppVersion: 1.46.0](https://img.shields.io/badge/AppVersion-1.46.0-informational?style=flat-square) +![Version: 0.16.1](https://img.shields.io/badge/Version-0.16.1-informational?style=flat-square) ![AppVersion: 1.47.0](https://img.shields.io/badge/AppVersion-1.47.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.46.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.47.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 8b3d8186b..8e20c42f1 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.46.0 + tag: 1.47.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 2d55bab9b505086772164ec80ae9dbec98fdad53 Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Thu, 18 Apr 2024 12:05:41 +0200 Subject: [PATCH 040/209] [release] Add `CR_SKIP_EXISTING` flag to release job (#1378) If some chart changes are detected but the version was not bumped, ignore it (mostly for documentation only updates) --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bcb3892c5..bb531756f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,3 +27,4 @@ jobs: uses: helm/chart-releaser-action@v1.5.0 env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + CR_SKIP_EXISTING: true # Ignore chart changes when version was not updated (documentation) From bc1b5bb922e68106f1b6e222bd2b7e90a90d351b Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Thu, 18 Apr 2024 14:09:14 +0200 Subject: [PATCH 041/209] [doc] Update PL documentation link (#1379) --- charts/synthetics-private-location/README.md | 2 +- charts/synthetics-private-location/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 6aee94058..8e7841a13 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -2,7 +2,7 @@ ![Version: 0.16.1](https://img.shields.io/badge/Version-0.16.1-informational?style=flat-square) ![AppVersion: 1.47.0](https://img.shields.io/badge/AppVersion-1.47.0-informational?style=flat-square) -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). ## How to use Datadog Helm repository diff --git a/charts/synthetics-private-location/README.md.gotmpl b/charts/synthetics-private-location/README.md.gotmpl index b828a93d4..d24fee838 100644 --- a/charts/synthetics-private-location/README.md.gotmpl +++ b/charts/synthetics-private-location/README.md.gotmpl @@ -2,7 +2,7 @@ {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). ## How to use Datadog Helm repository From fa091ca3aa353b8b55459a2fd47c94cb5923e08c Mon Sep 17 00:00:00 2001 From: eugene kirillov <3404064+krlv@users.noreply.github.com> Date: Thu, 18 Apr 2024 09:16:06 -0700 Subject: [PATCH 042/209] DO NOT MERGE [PRODUCTSA-1093] Update OPW chart for v2 release (#1329) * [PRODUCTSA-1093] Update OPW chart for v2 release * Remove remoteConfigurationEnabled and pipelineConfig values: OPW2.0 is RC only * Bump version and appVersion to 2.0.0 * fixup! [PRODUCTSA-1093] Update OPW chart for v2 release * fixup! [PRODUCTSA-1093] Update OPW chart for v2 release * fixup! [PRODUCTSA-1093] Update OPW chart for v2 release * fixup! [PRODUCTSA-1093] Update OPW chart for v2 release * fixup! [PRODUCTSA-1093] Update OPW chart for v2 release * temp: Run CI --- .../CHANGELOG.md | 5 +++ .../observability-pipelines-worker/Chart.yaml | 4 +-- .../observability-pipelines-worker/README.md | 6 ++-- .../ci/all-values.yaml | 24 ------------- .../ci/api-values.yaml | 28 +-------------- .../ci/dupe-ports-values.yaml | 25 -------------- ...ntainers-and-extraVolumeMounts-values.yaml | 23 ------------- .../ci/ingress-values.yaml | 23 ------------- .../ci/initContainers-values.yaml | 23 ------------- .../ci/kubeconform-values.yaml | 28 +-------------- .../ci/manual-port-values.yaml | 23 ------------- .../ci/remote-config.yaml | 6 ---- .../ci/serviceHeadless-disabled.yaml | 23 ------------- .../ci/templated-config-values.yaml | 21 ------------ .../templates/_pod.tpl | 16 --------- .../templates/configmap.yaml | 16 --------- .../templates/statefulset.yaml | 1 - .../values.yaml | 34 +------------------ 18 files changed, 12 insertions(+), 317 deletions(-) delete mode 100644 charts/observability-pipelines-worker/ci/dupe-ports-values.yaml delete mode 100644 charts/observability-pipelines-worker/ci/remote-config.yaml delete mode 100644 charts/observability-pipelines-worker/ci/templated-config-values.yaml delete mode 100644 charts/observability-pipelines-worker/templates/configmap.yaml diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index ea0c2d35a..c643a7417 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 2.0.0 + +* GA release of Observability Pipelines Worker v2 +* Removed `datadog.remoteConfigurationEnabled` and `pipelineConfig` values + ## 1.8.1 * Migrate from `kubeval` to `kubeconform` for ci chart validation. diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 592df157c..047bbd8d9 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.8.1" +version: "2.0.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "1.8.0" +appVersion: "2.0.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index cc45ada43..d6e96edeb 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -93,7 +93,6 @@ The command removes all the Kubernetes components associated with the chart and | datadog.apiKeyExistingSecret | string | `""` | Specify a preexisting Secret that has your API key instead of creating a new one. The value must be stored under the `api-key`. | | datadog.dataDir | string | `"/var/lib/observability-pipelines-worker"` | The data directory for OPW to store runtime data in. | | datadog.pipelineId | string | `nil` | Specify your Datadog Observability Pipelines pipeline ID | -| datadog.remoteConfigurationEnabled | bool | `false` | Whether to allow remote configuration of the worker from Datadog. | | datadog.site | string | `"datadoghq.com"` | The [site](https://docs.datadoghq.com/getting_started/site/) of the Datadog intake to send data to. | | datadog.workerAPI.address | string | `"127.0.0.1:8686"` | Local address to bind the Worker's API to. | | datadog.workerAPI.enabled | bool | `false` | Whether to enable the Worker's API. | @@ -111,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"1.8.0"` | Specify the image tag to use. | +| image.tag | string | `"2.0.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | @@ -129,7 +128,6 @@ The command removes all the Kubernetes components associated with the chart and | persistence.selector | object | `{}` | Specify the selectors for PersistentVolumeClaims. | | persistence.size | string | `"10Gi"` | Specify the size of PersistentVolumeClaims. | | persistence.storageClassName | string | `nil` | Specify the storageClassName for PersistentVolumeClaims. | -| pipelineConfig | object | `{}` | This section supports using Helm templates to populate dynamic values. See Observability Pipelines' [configuration documentation](https://docs.datadoghq.com/observability_pipelines/reference/) for all options. | | podAnnotations | object | `{}` | Set annotations on Pods. | | podDisruptionBudget.enabled | bool | `false` | If **true**, create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/). | | podDisruptionBudget.maxUnavailable | int | `nil` | Specify the number of Pods that can be unavailable after an eviction. | diff --git a/charts/observability-pipelines-worker/ci/all-values.yaml b/charts/observability-pipelines-worker/ci/all-values.yaml index b1591870f..6da629a1c 100644 --- a/charts/observability-pipelines-worker/ci/all-values.yaml +++ b/charts/observability-pipelines-worker/ci/all-values.yaml @@ -57,30 +57,6 @@ topologySpreadConstraints: topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - persistence: enabled: true storageClassName: standard diff --git a/charts/observability-pipelines-worker/ci/api-values.yaml b/charts/observability-pipelines-worker/ci/api-values.yaml index 78c613a4c..0c1af1c16 100644 --- a/charts/observability-pipelines-worker/ci/api-values.yaml +++ b/charts/observability-pipelines-worker/ci/api-values.yaml @@ -4,33 +4,7 @@ datadog: enabled: true playground: false address: "127.0.0.1:1010" -pipelineConfig: - sources: - datadog_agents: - type: datadog_agent - address: 0.0.0.0:8282 - multiple_outputs: true - store_api_key: false - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - compression: gzip - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} + args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml b/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml deleted file mode 100644 index 3d9671856..000000000 --- a/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -datadog: - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -args: - - run - - --skip-key-validation -pipelineConfig: - sources: - syslog-tcp: - type: syslog - address: 0.0.0.0:514 - max_length: 102400 - mode: tcp - shutdown_timeout_secs: 30 - syslog-udp: - type: syslog - address: 0.0.0.0:514 - max_length: 102400 - mode: udp - shutdown_timeout_secs: 30 - sinks: - stdout: - type: console - inputs: ["syslog-*"] - encoding: - codec: json diff --git a/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml b/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml index ebc3898b8..fb25fa8a2 100644 --- a/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml +++ b/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/ingress-values.yaml b/charts/observability-pipelines-worker/ci/ingress-values.yaml index cc629f3e1..238e2a82f 100644 --- a/charts/observability-pipelines-worker/ci/ingress-values.yaml +++ b/charts/observability-pipelines-worker/ci/ingress-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/initContainers-values.yaml b/charts/observability-pipelines-worker/ci/initContainers-values.yaml index fe16db03f..4d035ef83 100644 --- a/charts/observability-pipelines-worker/ci/initContainers-values.yaml +++ b/charts/observability-pipelines-worker/ci/initContainers-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/kubeconform-values.yaml b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml index 01af0509b..0c510ecac 100644 --- a/charts/observability-pipelines-worker/ci/kubeconform-values.yaml +++ b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml @@ -1,32 +1,6 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - type: datadog_agent - address: 0.0.0.0:8282 - multiple_outputs: true - store_api_key: false - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - compression: gzip - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} + args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/manual-port-values.yaml b/charts/observability-pipelines-worker/ci/manual-port-values.yaml index 3d7db0a49..9225e54c9 100644 --- a/charts/observability-pipelines-worker/ci/manual-port-values.yaml +++ b/charts/observability-pipelines-worker/ci/manual-port-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/remote-config.yaml b/charts/observability-pipelines-worker/ci/remote-config.yaml deleted file mode 100644 index 98c5c8342..000000000 --- a/charts/observability-pipelines-worker/ci/remote-config.yaml +++ /dev/null @@ -1,6 +0,0 @@ -args: - - run - - --skip-key-validation -datadog: - remoteConfigurationEnabled: true - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" diff --git a/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml b/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml index e6804456f..333ef8b63 100644 --- a/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml +++ b/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml @@ -3,29 +3,6 @@ datadog: args: - run - --skip-key-validation -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} service: enabled: true serviceHeadless: diff --git a/charts/observability-pipelines-worker/ci/templated-config-values.yaml b/charts/observability-pipelines-worker/ci/templated-config-values.yaml deleted file mode 100644 index 32061d163..000000000 --- a/charts/observability-pipelines-worker/ci/templated-config-values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -datadog: - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -args: - - run - - --skip-key-validation -pipelineConfig: - sources: - demo_logs: - type: demo_logs - format: json - sinks: - s3: - type: aws_s3 - inputs: [demo_logs] - bucket: logs-archive - key_prefix: >- - {{ print "{{kubernetes.pod_labels.\"app.kubernetes.io/client-id\"}}/%Y/%m/%d/{{kubernetes.pod_name}}/" }} - compression: gzip - encoding: - codec: json - region: us-east-1 diff --git a/charts/observability-pipelines-worker/templates/_pod.tpl b/charts/observability-pipelines-worker/templates/_pod.tpl index 31b0ba0a7..a646f7553 100644 --- a/charts/observability-pipelines-worker/templates/_pod.tpl +++ b/charts/observability-pipelines-worker/templates/_pod.tpl @@ -57,8 +57,6 @@ containers: - name: DD_OP_DATA_DIR value: {{ . | quote }} {{- end }} - - name: DD_OP_REMOTE_CONFIGURATION_ENABLED - value: {{ .Values.datadog.remoteConfigurationEnabled | quote }} - name: DD_OP_API_ENABLED value: {{ .Values.datadog.workerAPI.enabled | quote }} - name: DD_OP_API_PLAYGROUND @@ -74,8 +72,6 @@ containers: ports: {{- if .Values.containerPorts }} {{ toYaml .Values.containerPorts | indent 6 }} -{{- else if .Values.pipelineConfig }} -{{- include "opw.containerPorts" . | indent 6 }} {{- end }} {{- if .Values.datadog.workerAPI.enabled }} {{ include "opw.api.containerPort" . | indent 6 }} @@ -95,11 +91,6 @@ containers: volumeMounts: - name: data mountPath: "{{ .Values.datadog.dataDir | default "/var/lib/observability-pipelines-worker" }}" - {{- if not .Values.datadog.remoteConfigurationEnabled }} - - name: config - mountPath: "/etc/observability-pipelines-worker/" - readOnly: true - {{- end }} {{- if .Values.extraVolumeMounts }} {{ toYaml .Values.extraVolumeMounts | indent 6 }} {{- end }} @@ -130,13 +121,6 @@ volumes: - name: data emptyDir: {} {{- end }} -{{- if not .Values.datadog.remoteConfigurationEnabled }} - - name: config - projected: - sources: - - configMap: - name: {{ template "opw.fullname" . }} -{{- end }} {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | indent 2 }} {{- end }} diff --git a/charts/observability-pipelines-worker/templates/configmap.yaml b/charts/observability-pipelines-worker/templates/configmap.yaml deleted file mode 100644 index ea70044c5..000000000 --- a/charts/observability-pipelines-worker/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.datadog.remoteConfigurationEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "opw.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "opw.labels" . | nindent 4 }} - annotations: - checksum/config: {{ tpl (toYaml .Values.pipelineConfig) . | sha256sum }} -data: - {{- if .Values.pipelineConfig }} - pipeline.yaml: | {{ tpl (toYaml .Values.pipelineConfig) . | nindent 4 }} - {{- else }} -{{ fail "A `pipelineConfig` must be specified, see https://docs.datadoghq.com/observability_pipelines/reference for all options" }} - {{- end -}} -{{- end }} diff --git a/charts/observability-pipelines-worker/templates/statefulset.yaml b/charts/observability-pipelines-worker/templates/statefulset.yaml index 1d7ebea5b..34d765a3a 100644 --- a/charts/observability-pipelines-worker/templates/statefulset.yaml +++ b/charts/observability-pipelines-worker/templates/statefulset.yaml @@ -22,7 +22,6 @@ spec: {{ toYaml .Values.podLabels | indent 8 }} {{- end }} annotations: - checksum/config: {{ tpl (toYaml .Values.pipelineConfig) . | sha256sum }} {{- if .Values.podAnnotations }} {{ tpl (toYaml .Values.podAnnotations) . | indent 8 }} {{- end }} diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index b882888d1..e0d212d48 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -30,8 +30,6 @@ datadog: site: datadoghq.com # datadog.dataDir -- The data directory for OPW to store runtime data in. dataDir: "/var/lib/observability-pipelines-worker" - # datadog.remoteConfigurationEnabled -- Whether to allow remote configuration of the worker from Datadog. - remoteConfigurationEnabled: false workerAPI: # datadog.workerAPI.enabled -- Whether to enable the Worker's API. enabled: false @@ -44,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 1.8.0 + tag: 2.0.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: @@ -254,36 +252,6 @@ ingress: # hosts: # - chart-example.local -# pipelineConfig -- This section supports using Helm templates to populate dynamic values. See Observability Pipelines' -# [configuration documentation](https://docs.datadoghq.com/observability_pipelines/reference/) for all options. -pipelineConfig: {} -# sources: -# datadog_agents: -# type: datadog_agent -# address: 0.0.0.0:8282 -# multiple_outputs: true -# store_api_key: false -# sinks: -# datadog_logs: -# type: datadog_logs -# inputs: -# - datadog_agents.logs -# compression: gzip -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} -# datadog_metrics: -# type: datadog_metrics -# inputs: -# - datadog_agents.metrics -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} -# datadog_traces: -# type: datadog_traces -# inputs: -# - datadog_agents.traces -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} - # extraVolumes -- Specify additional Volumes to use. extraVolumes: [] From ea26a30a806dc12bf9fb3b068836c0e2a06a051b Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Fri, 19 Apr 2024 12:33:10 +0200 Subject: [PATCH 043/209] [doc] Update charts listed in README (#1377) --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index af3522e32..b141b71ca 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,11 @@ [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/datadog)](https://artifacthub.io/packages/search?repo=datadog) Official Helm charts for Datadog products. Currently supported: -- [Datadog Agents](charts/datadog/README.md) (datadog/datadog) -- [Observability Pipelines Worker](charts/observability-pipelines-worker/README.md) (datadog/observability-pipelines-worker) +- [Datadog Agents](charts/datadog/README.md) (`datadog/datadog`) +- [Datadog Operator](charts/datadog-operator/README.md) (`datadog/datadog-operator`) +- [Extended DaemonSet](charts/extended-daemon-set/README.md) (`datadog/extendeddaemonset`) +- [Observability Pipelines Worker](charts/observability-pipelines-worker/README.md) (`datadog/observability-pipelines-worker`) +- [Synthetics Private Location](charts/synthetics-private-location/README.md) (`datadog/synthetics-private-location`) ## How to use Datadog Helm repository From 117265677dd4d8af9c56f2fab6695e09fa66bbc9 Mon Sep 17 00:00:00 2001 From: Stan Rozenraukh Date: Tue, 30 Apr 2024 11:07:40 -0400 Subject: [PATCH 044/209] feat(datadog): support for registry overrrides (#1376) (1) Adds support for setting the container registry at the `admissionController` level, which is the [default checked by the datadog-agent](https://github.com/DataDog/datadog-agent/blob/e7aacda40982105c0d9a411f618f268e8d0e9dfd/pkg/clusteragent/admission/mutate/common/common.go#L185-L194). (2) Removes the setting of DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY to registry becauset that behavior is implied by (1). --- charts/datadog/CHANGELOG.md | 6 ++++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 +++-- charts/datadog/templates/_ac-agent-sidecar-env.yaml | 11 ++++++++--- charts/datadog/values.yaml | 8 +++++++- 5 files changed, 25 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 829c04507..310fc90d6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,11 @@ # Datadog changelog +## 3.59.7 + +* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry +* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, + that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. + ## 3.59.6 * Add configuration option datadog.apm.instrumentation.skipKPITelemetry. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 50b75ef10..b113113f6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.6 +version: 3.59.7 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 189fac4ab..e55e269cf 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.6](https://img.shields.io/badge/Version-3.59.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.59.7](https://img.shields.io/badge/Version-3.59.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -545,7 +545,7 @@ helm install \ | agents.volumes | list | `[]` | Specify additional volumes to mount in the dd-agent container | | clusterAgent.additionalLabels | object | `{}` | Adds labels to the Cluster Agent deployment and pods | | clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled | bool | `true` | Enable communication between Agent sidecars and the Cluster Agent. | -| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | Override the default registry for the sidecar Agent. | | clusterAgent.admissionController.agentSidecarInjection.enabled | bool | `false` | Enables Datadog Agent sidecar injection. | | clusterAgent.admissionController.agentSidecarInjection.imageName | string | `nil` | | | clusterAgent.admissionController.agentSidecarInjection.imageTag | string | `nil` | | @@ -553,6 +553,7 @@ helm install \ | clusterAgent.admissionController.agentSidecarInjection.provider | string | `nil` | Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. | | clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. | | clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". | +| clusterAgent.admissionController.containerRegistry | string | `nil` | Override the default registry for the admission controller. | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml index a2791003d..c25e783d7 100644 --- a/charts/datadog/templates/_ac-agent-sidecar-env.yaml +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -14,12 +14,17 @@ value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} {{- end }} +{{- if .Values.clusterAgent.admissionController.containerRegistry }} +- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: {{ .Values.clusterAgent.admissionController.containerRegistry }} +{{- else if .Values.registry }} +- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: {{ .Values.registry }} +{{- end }} + {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} -{{- else if .Values.registry }} -- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY - value: {{ .Values.registry }} {{- end }} {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 348a1a93e..a1de92445 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1062,6 +1062,12 @@ clusterAgent: ## Setting to Fail will require the admission controller to be present and pods to be injected before they are allowed to run. failurePolicy: Ignore + # clusterAgent.admissionController.containerRegistry -- Override the default registry for the admission controller. + + ## The clusterAgent uses this configuration for apm.instrumentation, agentSidecar, and cwsInstrumentation, if + ## not otherwise specified. + containerRegistry: + remoteInstrumentation: # clusterAgent.admissionController.remoteInstrumentation.enabled -- Enable polling and applying library injection using Remote Config. ## This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. @@ -1086,7 +1092,7 @@ clusterAgent: # clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled -- Enable communication between Agent sidecars and the Cluster Agent. clusterAgentCommunicationEnabled: true - # clusterAgent.admissionController.containerRegistry -- Override the default registry for the sidecar Agent. + # clusterAgent.admissionController.agentSidecarInjection.containerRegistry -- Override the default registry for the sidecar Agent. containerRegistry: # clusterAgent.admissionController.imageName -- Override the default agents.image.name for the Agent sidecar. From 5868f4de234318f1d235719d885fe8ed9a263821 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Tue, 30 Apr 2024 16:37:21 -0400 Subject: [PATCH 045/209] Set default agent/cluster agent version to 7.53.0 (#1388) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 310fc90d6..80dff479a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.60.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.53.0` + ## 3.59.7 * Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b113113f6..9864ccae1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.59.7 +version: 3.60.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index e55e269cf..48f8eadbd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.59.7](https://img.shields.io/badge/Version-3.59.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.60.0](https://img.shields.io/badge/Version-3.60.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.52.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.53.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -583,7 +583,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.52.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.53.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -634,7 +634,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.52.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.53.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index a1de92445..44bce2db6 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -901,7 +901,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.52.1 + tag: 7.53.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1385,7 +1385,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.52.1 + tag: 7.53.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1853,7 +1853,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.52.1 + tag: 7.53.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From fc74ba6e34c5b36f3e9afbc163a3a3692b10a17c Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Tue, 30 Apr 2024 17:16:02 -0400 Subject: [PATCH 046/209] Add config variable to toggle using kubelet core check (#1319) * Add config variable to toggle using kubelet core check * Move kubelet core check env var to agent specific chart * Use camel case for config variable * Update helm docs * Append enabled to core check config --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/ci/kubeconform-values.yaml | 1 + charts/datadog/templates/_container-agent.yaml | 4 ++++ charts/datadog/values.yaml | 3 +++ 6 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 80dff479a..e4c11ea61 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.61.0 + +* Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used + Note: this requires agent/cluster agent version 7.53.0+ + ## 3.60.0 * Set default `Agent` and `Cluster-Agent` version to `7.53.0` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9864ccae1..24bce23ff 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.60.0 +version: 3.61.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 48f8eadbd..73e11db0a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.60.0](https://img.shields.io/badge/Version-3.60.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.61.0](https://img.shields.io/badge/Version-3.61.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -730,6 +730,7 @@ helm install \ | datadog.kubeStateMetricsEnabled | bool | `false` | If true, deploys the kube-state-metrics deployment | | datadog.kubeStateMetricsNetworkPolicy.create | bool | `false` | If true, create a NetworkPolicy for kube state metrics | | datadog.kubelet.agentCAPath | string | /var/run/host-kubelet-ca.crt if hostCAPath else /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | Path (inside Agent containers) where the Kubelet CA certificate is stored | +| datadog.kubelet.coreCheckEnabled | bool | `false` | | | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | diff --git a/charts/datadog/ci/kubeconform-values.yaml b/charts/datadog/ci/kubeconform-values.yaml index 5fb292aef..5494bd6c4 100644 --- a/charts/datadog/ci/kubeconform-values.yaml +++ b/charts/datadog/ci/kubeconform-values.yaml @@ -4,6 +4,7 @@ datadog: kubelet: hostCAPath: /foo/bar/cert.ca agentCAPath: /bar/foo/cert.ca + coreCheckEnabled: true env: - name: "DD_KUBELET_TLS_VERIFY" value: "false" diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index aa17c0cd5..4aae1021d 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -184,6 +184,10 @@ value: /host {{- end }} {{- end }} + {{- if .Values.datadog.kubelet.coreCheckEnabled }} + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote }} + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 44bce2db6..57a39310b 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -280,6 +280,9 @@ datadog: # datadog.kubelet.podLogsPath -- Path (on host) where the PODs logs are located # @default -- /var/log/pods on Linux, C:\var\log\pods on Windows podLogsPath: + # datadog.kubelet.coreCheck -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) + # @default -- false + coreCheckEnabled: false # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 From f1555657a05a4f52f9534166c10ba56498b96e84 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 2 May 2024 16:28:57 -0400 Subject: [PATCH 047/209] rework ASM features activation following DataDog/datadog-agent#23618 (#1389) Signed-off-by: Eliott Bouhana fix CI & docs Signed-off-by: Eliott Bouhana Minor doc fix Co-authored-by: Eliott Bouhana --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 ++++- .../templates/cluster-agent-deployment.yaml | 12 ++++++++++++ charts/datadog/values.yaml | 19 +++++++++++++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e4c11ea61..15b852bc5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.62.0 + +* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default + ## 3.61.0 * Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 24bce23ff..cdc87ba2f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.61.0 +version: 3.62.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 73e11db0a..85acfae29 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.61.0](https://img.shields.io/badge/Version-3.61.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.62.0](https://img.shields.io/badge/Version-3.62.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -676,6 +676,9 @@ helm install \ | datadog.apm.useSocketVolume | bool | `false` | Enable APM over Unix Domain Socket DEPRECATED. Use datadog.apm.socketEnabled instead | | datadog.appKey | string | `nil` | Datadog APP key required to use metricsProvider | | datadog.appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. | +| datadog.asm.iast.enabled | bool | `false` | Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.sca.enabled | bool | `false` | Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.threats.enabled | bool | `false` | Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster | | datadog.checksCardinality | string | `nil` | Sets the tag cardinality for the checks run by the Agent. | | datadog.checksd | object | `{}` | Provide additional custom checks as python code | | datadog.clusterChecks.enabled | bool | `true` | Enable the Cluster Checks feature on both the cluster-agents and the daemonset | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index e40075932..5bca5c2de 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -254,6 +254,18 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.asm.threats.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.sca.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_SCA_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.iast.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_IAST_ENABLED + value: "true" + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 57a39310b..4c1107e58 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -492,6 +492,25 @@ datadog: # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). enabled: true + ## Application Security Managment (ASM) configuration + ## + ## ASM is disabled by default and can be enabled by setting the various `enabled` fields to `true` under the `datadog.asm` section. + ## Manually adding the various environment variables to a pod will take precedence over the ones in the Helm chart. + ## These will only have an effect on containers that have Datadog client libraries installed, either manually or via Single Step Instrumentation (under the `datadog.apm.instrumentation` section). + ## It requires Datadog Cluster Agent 7.53.0+. + asm: + threats: + # datadog.asm.threats.enabled -- Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + sca: + # datadog.asm.sca.enabled -- Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + iast: + # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster + enabled: false + ## OTLP ingest related configuration otlp: receiver: From 0a95180615010416ec50b6274504ffae46722919 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Tue, 7 May 2024 12:57:42 -0400 Subject: [PATCH 048/209] Fix clusterrole for dap (#1386) --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- charts/datadog-operator/templates/clusterrole.yaml | 2 +- .../baseline/Operator_Deployment_default.yaml | 2 +- .../baseline/Operator_Deployment_with_certManager.yaml | 2 +- 6 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 53cf3c005..0626cf7e0 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.6.1 + +* Fix clusterRole when DatadogAgentProfiles are enabled. + ## 1.6.0 * Update Datadog Operator version to 1.5.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 5b9e088fd..0ed41ed95 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.6.0 +version: 1.6.1 appVersion: 1.5.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 1bca7e62d..17cb42a76 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) +![Version: 1.6.1](https://img.shields.io/badge/Version-1.6.1-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 15bbfb51b..0727369e3 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -696,7 +696,7 @@ rules: verbs: - list - watch -{{- if .Values.enableDatadogAgentProfile }} +{{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" resources: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index cd87f7825..0140aea4e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.6.0 + helm.sh/chart: datadog-operator-1.6.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.5.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 00c01a31b..9d3e5e10e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.6.0 + helm.sh/chart: datadog-operator-1.6.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.5.0" app.kubernetes.io/managed-by: Helm From 21144c018b16ba18e99f0fad29dba00ad56caf7f Mon Sep 17 00:00:00 2001 From: Nicolas Guerguadj <35628945+Kaderinho@users.noreply.github.com> Date: Wed, 15 May 2024 15:09:18 +0200 Subject: [PATCH 049/209] Update FIPS Proxy version to 1.1.2 (#1397) Signed-off-by: Nicolas Guerguadj --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 15b852bc5..ff1fca46e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.62.1 + +* Update `fips.image.tag` to `1.1.2` + ## 3.62.0 * Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index cdc87ba2f..b818e76bb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.62.0 +version: 3.62.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 85acfae29..c169403fd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.62.0](https://img.shields.io/badge/Version-3.62.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.62.1](https://img.shields.io/badge/Version-3.62.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -835,7 +835,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.2"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 4c1107e58..cab06d8c3 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1364,7 +1364,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.1 + tag: 1.1.2 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 54644e34abec1c7b2ab7cf98a4c4f0a9623006d9 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Wed, 15 May 2024 10:15:58 -0400 Subject: [PATCH 050/209] Set kubelet core check option to be enabled by default (#1391) * Set kubelet core check option to be enabled by default * Fix description not being added to README --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 6 +++--- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index ff1fca46e..130cfc378 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.63.0 + +* Set kubelet core check to be enabled by default + ## 3.62.1 * Update `fips.image.tag` to `1.1.2` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b818e76bb..36ed5e41c 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.62.1 +version: 3.63.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c169403fd..27056bae8 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.62.1](https://img.shields.io/badge/Version-3.62.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.63.0](https://img.shields.io/badge/Version-3.63.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -733,7 +733,7 @@ helm install \ | datadog.kubeStateMetricsEnabled | bool | `false` | If true, deploys the kube-state-metrics deployment | | datadog.kubeStateMetricsNetworkPolicy.create | bool | `false` | If true, create a NetworkPolicy for kube state metrics | | datadog.kubelet.agentCAPath | string | /var/run/host-kubelet-ca.crt if hostCAPath else /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | Path (inside Agent containers) where the Kubelet CA certificate is stored | -| datadog.kubelet.coreCheckEnabled | bool | `false` | | +| datadog.kubelet.coreCheckEnabled | bool | true | Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) | | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index cab06d8c3..a634f2d7d 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -280,9 +280,9 @@ datadog: # datadog.kubelet.podLogsPath -- Path (on host) where the PODs logs are located # @default -- /var/log/pods on Linux, C:\var\log\pods on Windows podLogsPath: - # datadog.kubelet.coreCheck -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) - # @default -- false - coreCheckEnabled: false + # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) + # @default -- true + coreCheckEnabled: true # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 From c93d2a11e4dab079aac018dfacdbe7657e90d5a8 Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Wed, 15 May 2024 17:24:47 +0200 Subject: [PATCH 051/209] feat(origin-detection): add unified setting (#1392) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 4 ++++ charts/datadog/values.yaml | 4 ++++ 5 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 130cfc378..3bdbfcac5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.64.0 + +* Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default + ## 3.63.0 * Set kubelet core check to be enabled by default diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 36ed5e41c..09634ccbc 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.63.0 +version: 3.64.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 27056bae8..47dca3cbf 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.63.0](https://img.shields.io/badge/Version-3.63.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.64.0](https://img.shields.io/badge/Version-3.64.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -757,6 +757,7 @@ helm install \ | datadog.orchestratorExplorer.container_scrubbing | object | `{"enabled":true}` | Enable the scrubbing of containers in the kubernetes resource YAML for sensitive information | | datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | +| datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 4aae1021d..f19b9d2fb 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -76,6 +76,10 @@ - name: DD_DOGSTATSD_ORIGIN_DETECTION_CLIENT value: {{ .Values.datadog.dogstatsd.originDetection | quote }} {{- end }} + {{- if .Values.datadog.originDetectionUnified.enabled }} + - name: DD_ORIGIN_DETECTION_UNIFIED + value: {{ .Values.datadog.originDetectionUnified.enabled | quote }} + {{- end }} {{- if .Values.datadog.dogstatsd.tagCardinality }} - name: DD_DOGSTATSD_TAG_CARDINALITY value: {{ .Values.datadog.dogstatsd.tagCardinality | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index a634f2d7d..ea7a09020 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -249,6 +249,10 @@ datadog: # env: environment # : + originDetectionUnified: + # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). + enabled: false + # datadog.tags -- List of static tags to attach to every metric, event and service check collected by this Agent. ## Learn more about tagging: https://docs.datadoghq.com/tagging/ From 337fd7aca21b27675ccbc3dd7014b64077f02c00 Mon Sep 17 00:00:00 2001 From: Paul Cacheux Date: Wed, 15 May 2024 18:56:40 +0200 Subject: [PATCH 052/209] [CWS] add new config option to control the CWS events track (#1394) * [CWS] add new option to switch CWS events to the new track * apply review suggestion * apply second review suggestion --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/system-probe-configmap.yaml | 1 + charts/datadog/values.yaml | 3 +++ 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 3bdbfcac5..f9fcf867e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.64.1 + +* Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). + ## 3.64.0 * Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 09634ccbc..e2fdd6b74 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.64.0 +version: 3.64.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 47dca3cbf..655e7bab2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.64.0](https://img.shields.io/badge/Version-3.64.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.64.1](https://img.shields.io/badge/Version-3.64.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -804,6 +804,7 @@ helm install \ | datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | | datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | +| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `false` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. (documentation: https://docs.datadoghq.com/getting_started/site/) | diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 55ce1162c..4897b7bb9 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -46,6 +46,7 @@ data: runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} + use_secruntime_track: {{ $.Values.datadog.securityAgent.runtime.useSecruntimeTrack }} socket: /var/run/sysprobe/runtime-security.sock policies: dir: /etc/datadog-agent/runtime-security.d diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index ea7a09020..9678ad219 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -782,6 +782,9 @@ datadog: # datadog.securityAgent.runtime.fimEnabled -- Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring fimEnabled: false + # datadog.securityAgent.runtime.useSecruntimeTrack -- Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer + useSecruntimeTrack: false + policies: # datadog.securityAgent.runtime.policies.configMap -- Contains CWS policies that will be used configMap: From 832f87b3d903b862636b715b655d54fd24ce30fe Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 15 May 2024 17:29:54 -0400 Subject: [PATCH 053/209] Update crds for operator v1.6.0 (#1398) --- charts/datadog-crds/CHANGELOG.md | 3 +++ charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- .../datadoghq.com_datadogagentprofiles_v1.yaml | 4 ++++ .../datadoghq.com_datadogagentprofiles_v1beta1.yaml | 4 ++++ .../templates/datadoghq.com_datadogmonitors_v1.yaml | 12 ++++++++++++ .../datadoghq.com_datadogmonitors_v1beta1.yaml | 12 ++++++++++++ crds/datadoghq.com_datadogagentprofiles.yaml | 4 ++++ crds/datadoghq.com_datadogmonitors.yaml | 12 ++++++++++++ 9 files changed, 53 insertions(+), 2 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 06fc73759..8feb24781 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.6.0 +* Update CRDs from Datadog Operator v1.6.0 tag. + ## 1.5.0 * Update CRDs from Datadog Operator v1.5.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 498e65d47..dfbe3f63c 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.5.0 +version: 1.6.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index d139c5c01..b9e62d55d 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index b8d5cb075..764ea462d 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -71,7 +71,11 @@ spec: type: object type: object type: object + description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' type: object + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string type: object type: object type: object diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml index 435cde5bd..8732438b1 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml @@ -71,7 +71,11 @@ spec: type: object type: object type: object + description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' type: object + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string type: object type: object type: object diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index 3b7f85b5d..d16cabbb1 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -84,6 +84,9 @@ spec: description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean @@ -104,6 +107,11 @@ spec: notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -114,6 +122,10 @@ spec: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. + format: int64 + type: integer requireFullWindow: description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml index e432c53d9..a8c8db48f 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml @@ -84,6 +84,9 @@ spec: description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean @@ -104,6 +107,11 @@ spec: notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -114,6 +122,10 @@ spec: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. + format: int64 + type: integer requireFullWindow: description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index b0e817ecf..e32536727 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -65,7 +65,11 @@ spec: type: object type: object type: object + description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' type: object + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string type: object type: object type: object diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 7aa61c60d..17a70b2e1 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -78,6 +78,9 @@ spec: description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean @@ -98,6 +101,11 @@ spec: notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -108,6 +116,10 @@ spec: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. + format: int64 + type: integer requireFullWindow: description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean From 97d9522f38163b4697b714927be0a9a292bd5085 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 16 May 2024 10:18:29 -0400 Subject: [PATCH 054/209] update datadog-operator chart for v1.6.0 (#1399) --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 6 +- charts/datadog-operator/README.md.gotmpl | 2 +- charts/datadog-operator/values.yaml | 2 +- .../baseline/DatadogAgent_CRD_default.yaml | 2 +- .../DatadogAgent_CRD_with_certManager.yaml | 2 +- .../baseline/Operator_Deployment_default.yaml | 6 +- .../Operator_Deployment_with_certManager.yaml | 6 +- .../operator_deployment_test.go | 5 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 14 +-- ...loyment_default_advanced_AC_injection.yaml | 14 +-- ...ployment_default_minimal_AC_injection.yaml | 16 +-- test/datadog/baseline/daemonset_default.yaml | 18 +-- test/datadog/baseline/other_default.yaml | 106 +++++++++--------- test/datadog/dca_AC_sidecar_test.go | 5 +- 18 files changed, 121 insertions(+), 111 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 0626cf7e0..430798c64 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.7.0 + +* Update Datadog Operator version to 1.6.0. + ## 1.6.1 * Fix clusterRole when DatadogAgentProfiles are enabled. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index be00d4f6a..ff7f38a03 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.5.0 -digest: sha256:0d4930313af68e7bb8e9074b782b5e09fd47201343f25f5bf0c01a3e0d920a47 -generated: "2024-03-28T13:57:10.146369-04:00" + version: 1.6.0 +digest: sha256:8ba0faa3eec8b7e0fab258789b0ddf16a106b725adb8548edd7fedbb862499f3 +generated: "2024-05-15T17:32:24.08231-04:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 0ed41ed95..31331ce91 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.6.1 -appVersion: 1.5.0 +version: 1.7.0 +appVersion: 1.6.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.5.0" + version: "=1.6.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 17cb42a76..d67460f7e 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.6.1](https://img.shields.io/badge/Version-1.6.1-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) +![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) ## Values @@ -31,7 +31,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.5.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.6.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | @@ -122,7 +122,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.5.0 \ + --set image.tag=1.6.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index e7c017ca9..9b459f4c1 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.5.0 \ + --set image.tag=1.6.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 415edfacd..409462063 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -43,7 +43,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.5.0 + tag: 1.6.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index ea788ad08..3bb33a89e 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.5.0' + helm.sh/chart: 'datadogCRDs-1.6.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index d3baadaec..9d79a4451 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.5.0' + helm.sh/chart: 'datadogCRDs-1.6.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 0140aea4e..35331fc87 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.6.1 + helm.sh/chart: datadog-operator-1.7.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.5.0" + app.kubernetes.io/version: "1.6.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.5.0" + image: "gcr.io/datadoghq/operator:1.6.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 9d3e5e10e..61d615a8d 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.6.1 + helm.sh/chart: datadog-operator-1.7.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.5.0" + app.kubernetes.io/version: "1.6.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.5.0" + image: "gcr.io/datadoghq/operator:1.6.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index d63271e42..b55fa796d 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -3,10 +3,11 @@ package datadog_operator import ( "testing" - "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + + "github.com/DataDog/helm-charts/test/common" ) // This test will produce two renderings for two versions of DatadogAgent. @@ -130,7 +131,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.5.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.6.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index ab5cdf9f0..3a0bf771f 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 70ee659df0e52871e8d378fcc43eaf4c28f5740fcf630c044aa05ab172fff59e - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/clusteragent_token: 61c40a6cf60e0eedd46df38594b28a4a091044fcc50a168f84f1837c7b14b0b8 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 15805c69e..3d5597fa0 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5aef8764f6b4aeb3bd45082ad9876bb29166947c57686982e07a831d07ec5c53 - checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 - checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c + checksum/clusteragent_token: dc8cfc926a5573098750522941a404659c7f1eb96ba650f7ff981da66403a9cd + checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c + checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index f365f4b8d..77898c6d2 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 181ecf39c46a1dd44547d1584e61a5ab984fcfadc01b1a9951511de7be33b4ff - checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 - checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c + checksum/clusteragent_token: cceac6b866c30b95baaca15e9d16c3bbaf6d074f7b624a4fc82254008f3fdab4 + checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c + checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 4efc71b97..2fb814750 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 2fa601d9e096c193a20fc2206befc84edbdb2d0734a436ba8756f1810ea38757 - checksum/clusteragent-configmap: e76c6e387906993bf00147d7686dc3c64be7714d069bb1a2cbf88240ef996268 - checksum/api_key: 285e50be97a9ee27ecdd3466635dcedc8b3d08f9db978c1d427bf3bc39d2de0c + checksum/clusteragent_token: 39e098085201de3706d0276d95382f9dd9114f7fb62f45501163ceedb1660144 + checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c + checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.52.1 + value: 7.53.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 93ef7a2db..36577ee3b 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: cdc95023f8d20e02cbfbe7fccf9e3ace103429d80685b51e2c23f7ac155c3737 - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/clusteragent_token: a35e0fc3c9cc5d2684bce9d9cc6a3c694647a2ab9e7135057afd317d893a8771 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -120,6 +120,8 @@ spec: - name: DD_COMPLIANCE_CONFIG_ENABLED value: "false" - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" volumeMounts: - name: logdatadog @@ -180,7 +182,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -286,7 +288,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -377,7 +379,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -390,7 +392,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index c3d65437c..d4c533832 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.59.5" + chart: "datadog-3.64.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.59.5" + chart: "datadog-3.64.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "dXY0UUNGYUswcGNMQnpHb1lRMDh0R2txOXlpZEdrVnc=" + token: "N0JMTWlPaUoxMXlIMEhKbnVqTEVGUlJndTZ6NnMzTFY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.59.5 + installer_version: datadog-3.64.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: - install_id: "dc5846eb-4b2c-4335-9991-87c478de108d" install_type: k8s_manual - install_time: "1712612300" + install_id: "ecae0a5b-f319-413d-80bd-00aa24bddb11" + install_time: "1715810654" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -400,7 +400,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -496,7 +496,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -544,7 +544,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -564,7 +564,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -584,7 +584,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -605,7 +605,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -624,7 +624,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -641,7 +641,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -663,7 +663,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -684,7 +684,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -707,7 +707,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -729,10 +729,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.59.5" + chart: "datadog-3.64.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -755,10 +755,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.59.5" + chart: "datadog-3.64.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -784,7 +784,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -808,8 +808,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 2eca1fa995f5cdf71fd464aa84a3b0376f3f7ecd1d6731b8fa18eeb9694b4579 - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/clusteragent_token: d03a9a5065f8962a08c54a40fe16a847c62d369a3b53fb0d8eab43464ceb2f71 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -820,7 +820,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -899,6 +899,8 @@ spec: - name: DD_COMPLIANCE_CONFIG_ENABLED value: "false" - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" volumeMounts: - name: logdatadog @@ -959,7 +961,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1065,7 +1067,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1156,7 +1158,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1169,7 +1171,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: - bash @@ -1274,7 +1276,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1304,8 +1306,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0f5813b5b82cfb158b2ce63357f1f87771c9c64cc9dec0ce8163eb3f86f1ed2b - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/clusteragent_token: 831a63691a28bf46d9ee882d24ed86a390771d63d365e38f2c1de87a255b1189 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1313,7 +1315,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1325,7 +1327,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1338,7 +1340,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.52.1" + image: "gcr.io/datadoghq/agent:7.53.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1455,7 +1457,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.59.5' + helm.sh/chart: 'datadog-3.64.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1485,15 +1487,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 97694b10aa1860763a995809539a1dd0913868bc7eb396772d43907e3b577f53 - checksum/clusteragent-configmap: c3898339b22cb80ce6654e95096d254c8b01d95a7daebf0dd43d8bedb1a8e7da - checksum/install_info: ff7899c74b353510429944625eb16f8e592229bb5787e83e275316fa810fb729 + checksum/clusteragent_token: bc65ea20059b7c744324b8d5d2847a197f1a57c3696a6ced7096ab67434c6e3b + checksum/clusteragent-configmap: e83039fde82075a0a0be813cf361ac8a4d8a726f6fba902b4a407fb172eab591 + checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent command: - cp @@ -1506,7 +1508,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.52.1" + image: "gcr.io/datadoghq/cluster-agent:7.53.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go index 07f63199f..0e3baefb0 100644 --- a/test/datadog/dca_AC_sidecar_test.go +++ b/test/datadog/dca_AC_sidecar_test.go @@ -4,11 +4,12 @@ import ( "encoding/json" "testing" - "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/DataDog/helm-charts/test/common" ) const ( @@ -90,7 +91,7 @@ func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { // Default will be set by DCA assert.Empty(t, acConfigEnv[DDSidecarRegistry]) assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) - assert.Equal(t, "7.52.1", acConfigEnv[DDSidecarImageTag]) + assert.Equal(t, "7.53.0", acConfigEnv[DDSidecarImageTag]) assert.Empty(t, acConfigEnv[DDSidecarSelectors]) assert.Empty(t, acConfigEnv[DDSidecarProfiles]) } From d54fccd4f7be0ec81a84142a85495c018c9c5e13 Mon Sep 17 00:00:00 2001 From: Paul Cacheux Date: Fri, 17 May 2024 14:22:43 +0200 Subject: [PATCH 055/209] [CWS] default option to switch CWS events to the new track to true (#1400) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f9fcf867e..a8d137502 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.65.0 + +* Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). + ## 3.64.1 * Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e2fdd6b74..26ddcabf7 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.64.1 +version: 3.65.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 655e7bab2..da584da20 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.64.1](https://img.shields.io/badge/Version-3.64.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.65.0](https://img.shields.io/badge/Version-3.65.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -804,7 +804,7 @@ helm install \ | datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | | datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | -| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `false` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | +| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. (documentation: https://docs.datadoghq.com/getting_started/site/) | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 9678ad219..3c2ff7429 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -783,7 +783,7 @@ datadog: fimEnabled: false # datadog.securityAgent.runtime.useSecruntimeTrack -- Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer - useSecruntimeTrack: false + useSecruntimeTrack: true policies: # datadog.securityAgent.runtime.policies.configMap -- Contains CWS policies that will be used From 26a45cfb6cfd2cc4471d932cd2ed7d9748a44a33 Mon Sep 17 00:00:00 2001 From: Tess Neau Date: Fri, 17 May 2024 13:42:06 -0400 Subject: [PATCH 056/209] [observability-pipelines-worker] 2.0.1 release (#1402) * [observability-pipelines-worker] release 2.0.1 * [observability-pipelines-worker] release 2.0.1 --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index c643a7417..45e883bcb 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.0.1 + +* Official image `2.0.1` + ## 2.0.0 * GA release of Observability Pipelines Worker v2 diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 047bbd8d9..b1ff8fa06 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.0.0" +version: "2.0.1" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.0.0" +appVersion: "2.0.1" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index d6e96edeb..5c94b146b 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.0.0"` | Specify the image tag to use. | +| image.tag | string | `"2.0.1"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index e0d212d48..2f3af7210 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.0.0 + tag: 2.0.1 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 5fdc9079d5645eaf995c7c8736cf2190798efc67 Mon Sep 17 00:00:00 2001 From: Paul Cacheux Date: Tue, 21 May 2024 23:34:59 +0200 Subject: [PATCH 057/209] [CWS] make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. (#1404) * [CWS] pass `useSecruntimeTrack` to security agent as well * version bump + changelog --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-security-agent.yaml | 4 +++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a8d137502..366e01370 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.65.1 + +* Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. + ## 3.65.0 * Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 26ddcabf7..6967b5215 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.65.0 +version: 3.65.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index da584da20..0c61eee04 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.65.0](https://img.shields.io/badge/Version-3.65.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.65.1](https://img.shields.io/badge/Version-3.65.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index 29656fc2c..49d65f8ed 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -44,12 +44,14 @@ value: /host/root {{- end }} - name: DD_RUNTIME_SECURITY_CONFIG_ENABLED - value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} + value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} {{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled }} - name: DD_RUNTIME_SECURITY_CONFIG_POLICIES_DIR value: "/etc/datadog-agent/runtime-security.d" - name: DD_RUNTIME_SECURITY_CONFIG_SOCKET value: /var/run/sysprobe/runtime-security.sock + - name: DD_RUNTIME_SECURITY_CONFIG_USE_SECRUNTIME_TRACK + value: {{ .Values.datadog.securityAgent.runtime.useSecruntimeTrack | quote }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: DD_DOGSTATSD_SOCKET From bde0d7084967bc5e3b7177b642b168d7e09a97f0 Mon Sep 17 00:00:00 2001 From: Rafael Melo de Oliveira Date: Mon, 27 May 2024 18:03:48 +0200 Subject: [PATCH 058/209] [Synthetics] Private Location 1.48.0 --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 2651f5475..eefb21d1d 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.16.2 + +* Update private location image version to `1.48.0`. + ## 0.16.1 * Update private location image version to `1.47.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 6af29097b..38bdb4060 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.16.1 -appVersion: 1.47.0 +version: 0.16.2 +appVersion: 1.48.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 8e7841a13..c1954cbb9 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.16.1](https://img.shields.io/badge/Version-0.16.1-informational?style=flat-square) ![AppVersion: 1.47.0](https://img.shields.io/badge/AppVersion-1.47.0-informational?style=flat-square) +![Version: 0.16.2](https://img.shields.io/badge/Version-0.16.2-informational?style=flat-square) ![AppVersion: 1.48.0](https://img.shields.io/badge/AppVersion-1.48.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.47.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.48.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 8e20c42f1..8e5412bf1 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.47.0 + tag: 1.48.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From b3a6c4d06e1441b813115b9d8a0e741613542202 Mon Sep 17 00:00:00 2001 From: Robert Li Date: Wed, 29 May 2024 12:37:09 -0400 Subject: [PATCH 059/209] Add CODEOWNER for process agent template (#1408) --- .github/CODEOWNERS | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 67a03d272..262d861ec 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -6,13 +6,14 @@ *.md @DataDog/documentation @DataDog/container-helm-chart-maintainers # Charts -charts/datadog-crds @DataDog/container-ecosystems -charts/datadog-operator @DataDog/container-ecosystems -charts/extended-daemon-set @DataDog/container-ecosystems -charts/datadog @DataDog/container-helm-chart-maintainers -charts/datadog/templates/container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/datadog/templates/system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/synthetics-private-location/ @Datadog/synthetics -charts/observability-pipelines-worker @DataDog/observability-pipelines -charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers +charts/datadog-crds @DataDog/container-ecosystems +charts/datadog-operator @DataDog/container-ecosystems +charts/extended-daemon-set @DataDog/container-ecosystems +charts/datadog @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-process-agent.yaml @DataDog/processes @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/synthetics-private-location/ @Datadog/synthetics +charts/observability-pipelines-worker @DataDog/observability-pipelines From 8f7cdc9dd7eb8a60002aca91ac4def4d0cc7db72 Mon Sep 17 00:00:00 2001 From: Adel Haj Hassan <41540817+adel121@users.noreply.github.com> Date: Fri, 31 May 2024 18:46:51 +0200 Subject: [PATCH 060/209] do not enable live process collection by default when language detection is enabled (#1410) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-process-agent.yaml | 2 -- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 366e01370..cebecf06e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.65.2 + +* Do not enable live process collection by default when language detection is enabled for `APM SSI`. + ## 3.65.1 * Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6967b5215..207280b63 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.65.1 +version: 3.65.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0c61eee04..7091ec21a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.65.1](https://img.shields.io/badge/Version-3.65.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.65.2](https://img.shields.io/badge/Version-3.65.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index 1fd312c5c..b69179bbc 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -52,8 +52,6 @@ {{- end }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED - value: {{ include "language-detection-enabled" . | quote }} {{- include "additional-env-entries" .Values.agents.containers.processAgent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.processAgent.envDict | indent 4 }} volumeMounts: From 147c8b931df19f34b3790e8a76ac4f83c0cc571a Mon Sep 17 00:00:00 2001 From: Xavier Lucas Date: Mon, 3 Jun 2024 14:55:10 +0200 Subject: [PATCH 061/209] Update RBACs for storageclass and limitrange collection (#1387) --- charts/datadog/CHANGELOG.md | 5 ++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/cluster-agent-rbac.yaml | 9 +++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index cebecf06e..ae2a5f31f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.65.3 + +* Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. + ## 3.65.2 * Do not enable live process collection by default when language detection is enabled for `APM SSI`. @@ -86,7 +90,6 @@ * `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. * `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. - ## 3.57.3 * Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 207280b63..6b1b5e7e1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.65.2 +version: 3.65.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7091ec21a..1e4fc7a1e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.65.2](https://img.shields.io/badge/Version-3.65.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.65.3](https://img.shields.io/badge/Version-3.65.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index d9e87ff5b..35b87c548 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -15,6 +15,7 @@ rules: - nodes - namespaces - componentstatuses + - limitranges verbs: - get - list @@ -198,6 +199,14 @@ rules: - list - get - watch +- apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch - apiGroups: - autoscaling.k8s.io resources: From 03cdce1208dbe7633f26e9ef8467070f9e8644ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Mon, 3 Jun 2024 17:17:04 +0200 Subject: [PATCH 062/209] Set default (cluster-)agent version to `7.54.0` (#1412) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index ae2a5f31f..85ab2c6bc 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.66.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.54.0`. + ## 3.65.3 * Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6b1b5e7e1..98a3246b4 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.65.3 +version: 3.66.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 1e4fc7a1e..d5b3f817a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.65.3](https://img.shields.io/badge/Version-3.65.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.66.0](https://img.shields.io/badge/Version-3.66.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.53.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.54.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -583,7 +583,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.53.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.54.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -634,7 +634,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.53.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.54.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 3c2ff7429..35c571ccf 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -930,7 +930,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.53.0 + tag: 7.54.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1414,7 +1414,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.53.0 + tag: 7.54.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1882,7 +1882,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.53.0 + tag: 7.54.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 669ebe05b43803d288e0ab6d9325bccbf2ad5d95 Mon Sep 17 00:00:00 2001 From: Tess Neau Date: Tue, 4 Jun 2024 09:01:19 -0700 Subject: [PATCH 063/209] [observability-pipelines-worker] release 2.0.2 (#1414) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 45e883bcb..0216d1c44 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -2,6 +2,10 @@ ## 2.0.1 +* Official image `2.0.2` + +## 2.0.1 + * Official image `2.0.1` ## 2.0.0 diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index b1ff8fa06..589bf8b7c 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.0.1" +version: "2.0.2" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.0.1" +appVersion: "2.0.2" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 5c94b146b..ee907d892 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square) +![Version: 2.0.2](https://img.shields.io/badge/Version-2.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.2](https://img.shields.io/badge/AppVersion-2.0.2-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.0.1"` | Specify the image tag to use. | +| image.tag | string | `"2.0.2"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 2f3af7210..e3c3de235 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.0.1 + tag: 2.0.2 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From a340b286a3b5021c91cbcc9bb8c30617a692814e Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Fri, 7 Jun 2024 09:41:39 -0400 Subject: [PATCH 064/209] [CECO-1228][operator] Add tool version to operator helm chart (#1416) * Add tool version to operator * Update helm docs --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- charts/datadog-operator/templates/deployment.yaml | 4 ++++ .../baseline/Operator_Deployment_default.yaml | 2 +- .../baseline/Operator_Deployment_with_certManager.yaml | 2 +- 6 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 430798c64..afda55faf 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.7.1 + +* Add `DD_TOOL_VERSION` to operator deployment. + ## 1.7.0 * Update Datadog Operator version to 1.6.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 31331ce91..833986a7a 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.7.0 +version: 1.7.1 appVersion: 1.6.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index d67460f7e..bf4c5e936 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index e8908b26f..5b6b095d7 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -62,6 +62,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + {{- if (semverCompare ">=1.7.0-0" .Values.image.tag) }} + - name: DD_TOOL_VERSION + value: "helm" + {{- end }} {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} - name: DD_API_KEY valueFrom: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 35331fc87..27481b41a 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.7.0 + helm.sh/chart: datadog-operator-1.7.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.6.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 61d615a8d..61045b38b 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.7.0 + helm.sh/chart: datadog-operator-1.7.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.6.0" app.kubernetes.io/managed-by: Helm From 867c9c0dc8c618f501f28ec8084cde940458f5ce Mon Sep 17 00:00:00 2001 From: Celene Date: Mon, 17 Jun 2024 10:42:48 -0400 Subject: [PATCH 065/209] [datadog-crds] update CRDs following datadog operator 1.7.0 release (#1423) --- charts/datadog-crds/CHANGELOG.md | 3 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 73 +- ...oghq.com_datadogagentprofiles_v1beta1.yaml | 71 ++ .../datadoghq.com_datadogagents_v1.yaml | 889 +++++++++++++++++- .../datadoghq.com_datadogagents_v1beta1.yaml | 889 +++++++++++++++++- crds/datadoghq.com_datadogagentprofiles.yaml | 73 +- crds/datadoghq.com_datadogagents.yaml | 876 +++++++++++++++++ 9 files changed, 2856 insertions(+), 22 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 8feb24781..4d6630675 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.7.0 +* Update CRDs from Datadog Operator v1.7.0 tag. + ## 1.6.0 * Update CRDs from Datadog Operator v1.6.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index dfbe3f63c..8a12c195c 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.6.0 +version: 1.7.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index b9e62d55d..e26fde96d 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 764ea462d..53c4e0674 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -24,7 +24,17 @@ spec: singular: datadogagentprofile scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .status.valid + name: valid + type: string + - jsonPath: .status.applied + name: applied + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: DatadogAgentProfile is the Schema for the datadogagentprofiles API @@ -105,6 +115,67 @@ spec: type: object status: description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string type: object type: object served: true diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml index 8732438b1..5222cbb22 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml @@ -14,6 +14,16 @@ metadata: app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' spec: + additionalPrinterColumns: + - JSONPath: .status.valid + name: valid + type: string + - JSONPath: .status.applied + name: applied + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: datadoghq.com names: kind: DatadogAgentProfile @@ -105,6 +115,67 @@ spec: type: object status: description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string type: object type: object version: v1alpha1 diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 25a240bd9..61e162729 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -5896,12 +5896,190 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5946,6 +6124,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6632,6 +6828,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -8530,15 +8731,685 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map - type: object - type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + type: object + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + type: object + type: object + type: object + served: true + storage: true subresources: status: {} status: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index 15bf1efd0..93be5daf3 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -5885,12 +5885,190 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5935,6 +6113,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6621,6 +6817,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -8519,15 +8720,685 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map - type: object - type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + type: object + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + type: object + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index e32536727..4ce95b8dc 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -18,7 +18,17 @@ spec: singular: datadogagentprofile scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .status.valid + name: valid + type: string + - jsonPath: .status.applied + name: applied + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: DatadogAgentProfile is the Schema for the datadogagentprofiles API @@ -99,6 +109,67 @@ spec: type: object status: description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string type: object type: object served: true diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index 9307755ff..580498cb1 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -5870,12 +5870,190 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5920,6 +6098,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6606,6 +6802,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -8504,6 +8705,681 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + type: object + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + type: object type: object type: object served: true From 09319a5ee5f451c87d53947b569107bc640f218f Mon Sep 17 00:00:00 2001 From: Celene Date: Mon, 17 Jun 2024 12:49:53 -0400 Subject: [PATCH 066/209] [datadog-operator] update chart for 1.7.0 (#1424) * [datadog-operator] update chart for 1.7.0 release * update test baselines --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 8 +- charts/datadog-operator/README.md.gotmpl | 2 +- .../templates/clusterrole.yaml | 6 + .../templates/deployment.yaml | 7 + charts/datadog-operator/values.yaml | 10 +- .../baseline/DatadogAgent_CRD_default.yaml | 878 +++++++++++++++++- .../DatadogAgent_CRD_with_certManager.yaml | 878 +++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 9 +- .../Operator_Deployment_with_certManager.yaml | 9 +- .../operator_deployment_test.go | 2 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 14 +- ...loyment_default_advanced_AC_injection.yaml | 14 +- ...ployment_default_minimal_AC_injection.yaml | 16 +- test/datadog/baseline/daemonset_default.yaml | 20 +- test/datadog/baseline/other_default.yaml | 117 +-- test/datadog/dca_AC_sidecar_test.go | 2 +- 20 files changed, 1905 insertions(+), 115 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index afda55faf..bc9d422c2 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.0 + +* Update Datadog Operator version to 1.7.0. + ## 1.7.1 * Add `DD_TOOL_VERSION` to operator deployment. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index ff7f38a03..74314d791 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.6.0 -digest: sha256:8ba0faa3eec8b7e0fab258789b0ddf16a106b725adb8548edd7fedbb862499f3 -generated: "2024-05-15T17:32:24.08231-04:00" + version: 1.7.0 +digest: sha256:30edb3c96a953b123604997bffdd2e4f52d2634d60b102c5fe7d532327c26c27 +generated: "2024-06-17T10:48:12.316395-04:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 833986a7a..a510db0bc 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.7.1 -appVersion: 1.6.0 +version: 1.8.0 +appVersion: 1.7.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.6.0" + version: "=1.7.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index bf4c5e936..c72201873 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values @@ -11,6 +11,7 @@ | apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one | | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | +| clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | @@ -31,7 +32,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.6.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.7.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | @@ -44,6 +45,7 @@ | podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs | | podLabels | object | `{}` | Allows setting additional labels for for Datadog Operator PODs | | rbac.create | bool | `true` | Specifies whether the RBAC resources should be created | +| remoteConfiguration.enabled | bool | `false` | If true, enables Remote Configuration in the Datadog Operator (beta). Requires clusterName, API and App keys to be set. | | replicaCount | int | `1` | Number of instances of Datadog Operator | | resources | object | `{}` | Set resources requests/limits for Datadog Operator PODs | | secretBackend.arguments | string | `""` | Specifies the space-separated arguments passed to the command that implements the secret backend api | @@ -122,7 +124,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.6.0 \ + --set image.tag=1.7.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index 9b459f4c1..6ef8c4c9c 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.6.0 \ + --set image.tag=1.7.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 0727369e3..f4b212891 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -696,6 +696,12 @@ rules: verbs: - list - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create {{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 5b6b095d7..62ddcbeff 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -66,6 +66,10 @@ spec: - name: DD_TOOL_VERSION value: "helm" {{- end }} + {{- if .Values.clusterName }} + - name: DD_CLUSTER_NAME + value: {{ .Values.clusterName }} + {{- end }} {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} - name: DD_API_KEY valueFrom: @@ -125,6 +129,9 @@ spec: {{- if (semverCompare ">=1.3.0" .Values.image.tag) }} - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" {{- end }} + {{- if (semverCompare ">=1.7.0" .Values.image.tag) }} + - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" + {{- end }} ports: - name: metrics containerPort: {{ .Values.metricsPort }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 409462063..df136809e 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -16,6 +16,10 @@ apiKeyExistingSecret: # # appKey -- Your Datadog APP key appKey: # + +# clusterName -- Set a unique cluster name reporting from the Datadog Operator. +clusterName: + # site -- The site of the Datadog intake to send data to (documentation: https://docs.datadoghq.com/getting_started/site/) ## Set to 'datadoghq.com' to send data to the US1 site (default). @@ -43,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.6.0 + tag: 1.7.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) @@ -84,6 +88,10 @@ datadogMonitor: datadogSLO: # datadogSLO.enabled -- Enables the Datadog SLO controller enabled: false +remoteConfiguration: + # remoteConfiguration.enabled -- If true, enables Remote Configuration in the Datadog Operator (beta). Requires clusterName, API and App keys to be set. + enabled: false + rbac: # rbac.create -- Specifies whether the RBAC resources should be created create: true diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 3bb33a89e..732097cc9 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.6.0' + helm.sh/chart: 'datadogCRDs-1.7.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -5875,12 +5875,190 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5925,6 +6103,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6611,6 +6807,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -8509,6 +8710,681 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + type: object + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + type: object type: object type: object served: true diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index 9d79a4451..ac7e5a511 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.6.0' + helm.sh/chart: 'datadogCRDs-1.7.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -5886,12 +5886,190 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5936,6 +6114,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6622,6 +6818,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -8520,6 +8721,681 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + type: object + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + type: object type: object type: object served: true diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 27481b41a..3b40169c6 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.7.1 + helm.sh/chart: datadog-operator-1.8.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.6.0" + app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.6.0" + image: "gcr.io/datadoghq/operator:1.7.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -46,6 +46,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_TOOL_VERSION + value: "helm" args: - "-supportExtendedDaemonset=false" - "-logEncoder=json" @@ -58,6 +60,7 @@ spec: - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" + - "-remoteConfigEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 61045b38b..87973a5a6 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.7.1 + helm.sh/chart: datadog-operator-1.8.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.6.0" + app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.6.0" + image: "gcr.io/datadoghq/operator:1.7.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -46,6 +46,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_TOOL_VERSION + value: "helm" args: - "-supportExtendedDaemonset=false" - "-logEncoder=json" @@ -58,6 +60,7 @@ spec: - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" + - "-remoteConfigEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index b55fa796d..f249ce9aa 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -131,7 +131,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.6.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.7.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 3a0bf771f..0e95d4804 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 61c40a6cf60e0eedd46df38594b28a4a091044fcc50a168f84f1837c7b14b0b8 - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/clusteragent_token: 3459e971a8ca6563795d449c569bef1d0cb8d8038bb60cc2ca805b61c2f2db26 + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 3d5597fa0..38f4708d6 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: dc8cfc926a5573098750522941a404659c7f1eb96ba650f7ff981da66403a9cd - checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c - checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 + checksum/clusteragent_token: 4122a08135d1943b564119d27d6f9815b3323c3646663257d7dd24962e6df266 + checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 + checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 77898c6d2..901e59e15 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cceac6b866c30b95baaca15e9d16c3bbaf6d074f7b624a4fc82254008f3fdab4 - checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c - checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 + checksum/clusteragent_token: 3866496aa7bdfa37da999d8aee1996caa9abfa70b312ecd5438a3b03134b1ec6 + checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 + checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 2fb814750..fcf1542a5 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 39e098085201de3706d0276d95382f9dd9114f7fb62f45501163ceedb1660144 - checksum/clusteragent-configmap: caf999fa78367514b2b4ed07b750164036342f54a91dd4ed386dc79ee1441a4c - checksum/api_key: cc9f65a108b01735ce1b5508397b1a84f2dee1679fabd5a3dcfbc8822c3e8301 + checksum/clusteragent_token: da0754a7afd92073e09fdd53304b8a3f73d07f26c41f56de654dae7863400d33 + checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 + checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.53.0 + value: 7.54.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 36577ee3b..7842feb3f 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: a35e0fc3c9cc5d2684bce9d9cc6a3c694647a2ab9e7135057afd317d893a8771 - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/clusteragent_token: 6f8939afb1a8bca4c40c75a43a7e0b7995b0832814af2ba85a32bd891f20d0c6 + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -182,7 +182,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -288,7 +288,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -335,9 +335,7 @@ spec: - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED - value: "false" + value: "true" volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -379,7 +377,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -392,7 +390,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index d4c533832..65102e06d 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.64.1" + chart: "datadog-3.66.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.64.1" + chart: "datadog-3.66.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "N0JMTWlPaUoxMXlIMEhKbnVqTEVGUlJndTZ6NnMzTFY=" + token: "QWc0RHFMaWI0bEtnQUV6bmRJZXFoNUVqNXZqVUhSWlU=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.64.1 + installer_version: datadog-3.66.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "ecae0a5b-f319-413d-80bd-00aa24bddb11" - install_time: "1715810654" + install_id: "3120a1cd-f8ce-4480-a24e-c28ed115ee41" + install_time: "1718641163" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -210,6 +210,7 @@ rules: - nodes - namespaces - componentstatuses + - limitranges verbs: - get - list @@ -351,6 +352,14 @@ rules: - list - get - watch +- apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch - apiGroups: - autoscaling.k8s.io resources: @@ -400,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -496,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -544,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -564,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -584,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -605,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -624,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -641,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -663,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -684,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -707,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -729,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.64.1" + chart: "datadog-3.66.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -755,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.64.1" + chart: "datadog-3.66.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -784,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -808,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: d03a9a5065f8962a08c54a40fe16a847c62d369a3b53fb0d8eab43464ceb2f71 - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/clusteragent_token: e12e2eb2a4be1f1b8a29859f60fc96c130a9a5948f151b31dc43aeb993333ba3 + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -820,7 +829,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -961,7 +970,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1067,7 +1076,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1114,9 +1123,7 @@ spec: - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_PROCESS_COLLECTION_ENABLED - value: "false" + value: "true" volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -1158,7 +1165,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1171,7 +1178,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: - bash @@ -1276,7 +1283,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1306,8 +1313,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 831a63691a28bf46d9ee882d24ed86a390771d63d365e38f2c1de87a255b1189 - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/clusteragent_token: 0a20b03220af60fbb374c64b77fea29760e35efce754ee9f67534c48259a378a + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1315,7 +1322,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1327,7 +1334,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1340,7 +1347,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.53.0" + image: "gcr.io/datadoghq/agent:7.54.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1457,7 +1464,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.64.1' + helm.sh/chart: 'datadog-3.66.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1487,15 +1494,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: bc65ea20059b7c744324b8d5d2847a197f1a57c3696a6ced7096ab67434c6e3b - checksum/clusteragent-configmap: e83039fde82075a0a0be813cf361ac8a4d8a726f6fba902b4a407fb172eab591 - checksum/install_info: f2cb33b54b5eb5df4f4e7285e408f6d4ee343c8a98a644780e18ab457ac4207f + checksum/clusteragent_token: f89f726a8377f719975f1938011cad0013d557f9eda2b2c366a8f173d1481541 + checksum/clusteragent-configmap: 55c5054d57dfce4e0394edaea52e4a1812a89b51feeace892f9ca30f98785450 + checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent command: - cp @@ -1508,7 +1515,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.53.0" + image: "gcr.io/datadoghq/cluster-agent:7.54.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go index 0e3baefb0..3d4f288ea 100644 --- a/test/datadog/dca_AC_sidecar_test.go +++ b/test/datadog/dca_AC_sidecar_test.go @@ -91,7 +91,7 @@ func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { // Default will be set by DCA assert.Empty(t, acConfigEnv[DDSidecarRegistry]) assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) - assert.Equal(t, "7.53.0", acConfigEnv[DDSidecarImageTag]) + assert.Equal(t, "7.54.0", acConfigEnv[DDSidecarImageTag]) assert.Empty(t, acConfigEnv[DDSidecarSelectors]) assert.Empty(t, acConfigEnv[DDSidecarProfiles]) } From 036f328b265f2d3ceb541ad3c0349552ce3d1b44 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Mon, 17 Jun 2024 15:02:16 -0400 Subject: [PATCH 067/209] Modify tool version in operator chart (#1427) --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- charts/datadog-operator/templates/deployment.yaml | 2 +- .../baseline/Operator_Deployment_default.yaml | 4 ++-- .../baseline/Operator_Deployment_with_certManager.yaml | 4 ++-- 6 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index bc9d422c2..3e2358e4d 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.1 + +* Configure tool version. + ## 1.8.0 * Update Datadog Operator version to 1.7.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index a510db0bc..7893e07b7 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.0 +version: 1.8.1 appVersion: 1.7.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index c72201873..f3caacfbc 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 62ddcbeff..ab52e0741 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -64,7 +64,7 @@ spec: fieldPath: metadata.name {{- if (semverCompare ">=1.7.0-0" .Values.image.tag) }} - name: DD_TOOL_VERSION - value: "helm" + value: {{ .Values.toolVersion | default "helm" }} {{- end }} {{- if .Values.clusterName }} - name: DD_CLUSTER_NAME diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 3b40169c6..1dc054626 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.0 + helm.sh/chart: datadog-operator-1.8.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm @@ -47,7 +47,7 @@ spec: fieldRef: fieldPath: metadata.name - name: DD_TOOL_VERSION - value: "helm" + value: helm args: - "-supportExtendedDaemonset=false" - "-logEncoder=json" diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 87973a5a6..9c56c98e1 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.0 + helm.sh/chart: datadog-operator-1.8.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm @@ -47,7 +47,7 @@ spec: fieldRef: fieldPath: metadata.name - name: DD_TOOL_VERSION - value: "helm" + value: helm args: - "-supportExtendedDaemonset=false" - "-logEncoder=json" From 4af0ec65300a8634e372de6d4f0ea9f5d9805477 Mon Sep 17 00:00:00 2001 From: Minyi Zhu Date: Thu, 27 Jun 2024 11:03:05 -0400 Subject: [PATCH 068/209] add namespaceAnnotationsAsTags to helm chart (#1428) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_components-common-env.yaml | 4 ++++ charts/datadog/values.yaml | 5 +++++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 85ab2c6bc..1d166f591 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.66.1 + +* Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. + ## 3.66.0 * Set default `Agent` and `Cluster-Agent` version to `7.54.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 98a3246b4..f9e17263d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.66.0 +version: 3.66.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d5b3f817a..c2546a260 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.66.0](https://img.shields.io/badge/Version-3.66.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.66.1](https://img.shields.io/badge/Version-3.66.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -748,6 +748,7 @@ helm install \ | datadog.logs.containerCollectAll | bool | `false` | Enable this to allow log collection for all containers | | datadog.logs.containerCollectUsingFiles | bool | `true` | Collect logs from files in /var/log/pods instead of using container runtime API | | datadog.logs.enabled | bool | `false` | Enables this to activate Datadog Agent log collection | +| datadog.namespaceAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags | | datadog.namespaceLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Labels to Datadog Tags | | datadog.networkMonitoring.enabled | bool | `false` | Enable network performance monitoring | | datadog.networkPolicy.cilium.dnsSelector | object | kube-dns in namespace kube-system | Cilium selector of the DNS server entity | diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 6d6394895..3ef5bb8f4 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -42,6 +42,10 @@ - name: DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS value: '{{ toJson .Values.datadog.namespaceLabelsAsTags }}' {{- end }} +{{- if .Values.datadog.namespaceAnnotationsAsTags }} +- name: DD_KUBERNETES_NAMESPACE_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.namespaceAnnotationsAsTags }}' +{{- end }} - name: KUBERNETES value: "yes" {{- if .Values.datadog.site }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 35c571ccf..7d1bed422 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -249,6 +249,11 @@ datadog: # env: environment # : + # datadog.namespaceAnnotationsAsTags -- Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags + namespaceAnnotationsAsTags: {} + # env: environment + # : + originDetectionUnified: # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). enabled: false From 7f4da79935ac349bfd8a0db4b1c6c6a863d41175 Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Fri, 28 Jun 2024 13:17:25 +0200 Subject: [PATCH 069/209] feat(probe): add startup probe (#1420) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 ++- charts/datadog/templates/NOTES.txt | 42 +++++++++++++++++++ .../datadog/templates/_container-agent.yaml | 3 ++ .../agent-clusterchecks-deployment.yaml | 3 ++ .../templates/cluster-agent-deployment.yaml | 3 ++ charts/datadog/values.yaml | 35 ++++++++++++++++ ...gent-clusterchecks-deployment_default.yaml | 10 +++++ .../cluster-agent-deployment_default.yaml | 10 +++++ ...loyment_default_advanced_AC_injection.yaml | 10 +++++ ...ployment_default_minimal_AC_injection.yaml | 10 +++++ test/datadog/baseline/daemonset_default.yaml | 10 +++++ test/datadog/baseline/other_default.yaml | 30 +++++++++++++ 14 files changed, 175 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 1d166f591..280b7397d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.0 + +* Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. + ## 3.66.1 * Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f9e17263d..6498de828 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.66.1 +version: 3.67.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c2546a260..213a74dc1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.66.1](https://img.shields.io/badge/Version-3.66.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.0](https://img.shields.io/badge/Version-3.67.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -467,6 +467,7 @@ helm install \ | agents.containers.agent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | | agents.containers.agent.resources | object | `{}` | Resource requests and limits for the agent container. | | agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. | +| agents.containers.agent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | | agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers | | agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. | | agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers | @@ -611,6 +612,7 @@ helm install \ | clusterAgent.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | | clusterAgent.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the cluster-agent pods. | | clusterAgent.shareProcessNamespace | bool | `false` | Set the process namespace sharing on the Datadog Cluster Agent | +| clusterAgent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent startup probe settings | | clusterAgent.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the Cluster Agent deployment to perform a rolling update on helm update | | clusterAgent.token | string | `""` | Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) | | clusterAgent.tokenExistingSecret | string | `""` | Existing secret name to use for Cluster Agent token. Put the Cluster Agent token in a key named `token` inside the Secret | @@ -652,6 +654,7 @@ helm install \ | clusterChecksRunner.resources | object | `{}` | Datadog clusterchecks-agent resource requests and limits. | | clusterChecksRunner.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | | clusterChecksRunner.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. | +| clusterChecksRunner.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | | clusterChecksRunner.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the ClusterChecks deployment to perform a rolling update on helm update | | clusterChecksRunner.tolerations | list | `[]` | Tolerations for pod assignment | | clusterChecksRunner.topologySpreadConstraints | list | `[]` | Allow the ClusterChecks Deployment to schedule using pod topology spreading | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index e3575c2cf..c716cd630 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -27,6 +27,7 @@ Then run: {{- end }} {{- $healthPort := .Values.agents.containers.agent.healthPort }} + {{- with $liveness := .Values.agents.containers.agent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -37,6 +38,7 @@ Then run: Node Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.agents.containers.agent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -47,6 +49,18 @@ Node Agent liveness probe port ({{ $liveness.port }}) is different from the conf Node Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + +{{- with $startup := .Values.agents.containers.agent.startupProbe.httpGet }} +{{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Node Agent startup probe misconfiguration #### +############################################################################## + +Node Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). +{{- end }} +{{- end }} + {{- if eq (include "should-deploy-cluster-agent" .) "true" }} {{- if .Values.clusterAgent.metricsProvider.enabled }} @@ -65,6 +79,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} {{- end }} {{- $healthPort := .Values.clusterAgent.healthPort }} + {{- with $liveness := .Values.clusterAgent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -75,6 +90,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterAgent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -85,8 +101,21 @@ Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the c Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterAgent.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Cluster Agent startup probe misconfiguration #### +############################################################################## + +Cluster Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- if (eq (include "should-enable-cluster-check-workers" .) "true") }} {{- $healthPort := .Values.clusterChecksRunner.healthPort }} + {{- with $liveness := .Values.clusterChecksRunner.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -97,6 +126,7 @@ Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterChecksRunner.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -107,6 +137,18 @@ Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different fr Cluster Checks Runner readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterChecksRunner.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +##################################################################################### +#### ERROR: Cluster Checks Runner startup probe misconfiguration #### +##################################################################################### + +Cluster Checks Runner readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- if or .Values.datadog.apm.enabled .Values.datadog.apm.portEnabled }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index f19b9d2fb..787741a2c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -330,4 +330,7 @@ readinessProbe: {{- $ready := .Values.agents.containers.agent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 4 }} + startupProbe: +{{- $startup := .Values.agents.containers.agent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 4 }} {{- end -}} diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index d845f4756..1f0442c1b 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -227,6 +227,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterChecksRunner.readinessProbe }} {{ include "probe.http" (dict "settings" $ready "path" "/ready" "port" $healthPort) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterChecksRunner.startupProbe }} +{{ include "probe.http" (dict "settings" $startup "path" "/startup" "port" $healthPort) | indent 10 }} volumes: - name: installinfo configMap: diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 5bca5c2de..9c1dd636a 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -368,6 +368,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterAgent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterAgent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 10 }} {{- if .Values.clusterAgent.containers.clusterAgent.securityContext }} securityContext: {{ toYaml .Values.clusterAgent.containers.clusterAgent.securityContext | indent 10 }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 7d1bed422..f470e99a8 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1249,6 +1249,15 @@ clusterAgent: successThreshold: 1 failureThreshold: 6 + # clusterAgent.startupProbe -- Override default Cluster Agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # clusterAgent.strategy -- Allow the Cluster Agent deployment to perform a rolling update on helm update ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy @@ -1585,6 +1594,15 @@ agents: successThreshold: 1 failureThreshold: 6 + # agents.containers.agent.startupProbe -- Override default agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # agents.containers.agent.securityContext -- Allows you to overwrite the default container SecurityContext for the agent container. securityContext: {} @@ -2028,6 +2046,23 @@ clusterChecksRunner: successThreshold: 1 failureThreshold: 6 + # clusterChecksRunner.startupProbe -- Override default agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + # startupProbe: + # exec: + # command: ["/bin/true"] + # + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # clusterChecksRunner.deploymentAnnotations -- Annotations to add to the cluster-checks-runner's Deployment deploymentAnnotations: {} # key: "value" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 0e95d4804..cd4e8f364 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -160,6 +160,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 volumes: - name: installinfo configMap: diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 38f4708d6..ba9df9dfe 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -189,6 +189,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 901e59e15..1a1890181 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -203,6 +203,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index fcf1542a5..fff2bd021 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -199,6 +199,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 7842feb3f..c3b1b487a 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -181,6 +181,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 - name: trace-agent image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 65102e06d..82bee22cf 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -969,6 +969,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 - name: trace-agent image: "gcr.io/datadoghq/agent:7.54.0" imagePullPolicy: IfNotPresent @@ -1437,6 +1447,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 volumes: - name: installinfo configMap: @@ -1647,6 +1667,16 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true From 9005fd0e38ca0d838e3cd274dd79acf1bf36041d Mon Sep 17 00:00:00 2001 From: Jeremy Hanna Date: Fri, 28 Jun 2024 12:06:31 -0400 Subject: [PATCH 070/209] Update fips-proxy image tag to 1.1.3 release (#1434) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 280b7397d..e6eeab773 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.1 + +* Update `fips.image.tag` to `1.1.3` + ## 3.67.0 * Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6498de828..9e7bcf65e 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.0 +version: 3.67.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 213a74dc1..4cf7085f5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.0](https://img.shields.io/badge/Version-3.67.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.1](https://img.shields.io/badge/Version-3.67.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -841,7 +841,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.2"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.3"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f470e99a8..d7e14114a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1385,7 +1385,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.2 + tag: 1.1.3 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 70ffaebd96585236ed9a344f33e9ce9b0123d556 Mon Sep 17 00:00:00 2001 From: bagnaram <11695670+bagnaram@users.noreply.github.com> Date: Mon, 1 Jul 2024 12:27:08 -0500 Subject: [PATCH 071/209] DD PL: add DNS policy (#1426) * DD PL: add DNS policy * Update charts/synthetics-private-location/templates/deployment.yaml Co-authored-by: Adam Johnson <6908366+nhyne@users.noreply.github.com> --------- Co-authored-by: Adam Johnson <6908366+nhyne@users.noreply.github.com> --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 3 ++- charts/synthetics-private-location/templates/deployment.yaml | 4 ++++ charts/synthetics-private-location/values.yaml | 2 ++ 5 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index eefb21d1d..a5d6cfb53 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.16.3 + +* Add dnsConfig to DD private location Pod + ## 0.16.2 * Update private location image version to `1.48.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 38bdb4060..2e5eb7260 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.16.2 +version: 0.16.3 appVersion: 1.48.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index c1954cbb9..5ac2aceea 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.16.2](https://img.shields.io/badge/Version-0.16.2-informational?style=flat-square) ![AppVersion: 1.48.0](https://img.shields.io/badge/AppVersion-1.48.0-informational?style=flat-square) +![Version: 0.16.3](https://img.shields.io/badge/Version-0.16.3-informational?style=flat-square) ![AppVersion: 1.48.0](https://img.shields.io/badge/AppVersion-1.48.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -30,6 +30,7 @@ helm install datadog/synthetics-private-location --set-file confi | configConfigMap | string | `""` | Config Map that stores the configuration of the private location worker for the deployment | | configFile | string | `"{}"` | JSON string containing the configuration of the private location worker | | configSecret | string | `""` | Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. | +| dnsConfig | object | `{}` | DNS Config to set to the Datadog Synthetics Private Location PODs | | dnsPolicy | string | `"ClusterFirst"` | DNS Policy to set to the Datadog Synthetics Private Location PODs | | enableStatusProbes | bool | `false` | Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) | | env | list | `[]` | Set environment variables | diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 131754cb8..8a6115cf7 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -24,6 +24,10 @@ spec: {{ if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy}} {{ end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 8e5412bf1..bdd242407 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -19,6 +19,8 @@ image: # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst +# dnsConfig -- DNS Config to set to the Datadog Synthetics Private Location PODs +dnsConfig: {} # imagePullSecrets -- Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) imagePullSecrets: [] From 82a80fdacd088d22361b248fbe559142e1f5114f Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:08:02 -0400 Subject: [PATCH 072/209] Add Kubernetes 1.30 to Operator integ test (#1435) --- .github/workflows/go-test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 28dbbd836..1b17bd990 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -49,6 +49,7 @@ jobs: - v1.27.3 - v1.28.7 - v1.29.2 + - v1.30.0 steps: - name: Checkout uses: actions/checkout@v3 From 72ff538f6826c19d9bd69ec763602413552a4b5f Mon Sep 17 00:00:00 2001 From: Celene Date: Tue, 2 Jul 2024 10:35:47 -0400 Subject: [PATCH 073/209] [datadog-operator] deprecate webhook flag (#1438) * [datadog-operator] deprecate webhook * update chart version * update tests --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- .../templates/deployment.yaml | 4 +- charts/datadog-operator/values.yaml | 2 + .../baseline/Operator_Deployment_default.yaml | 3 +- .../Operator_Deployment_with_certManager.yaml | 3 +- .../operator_deployment_test.go | 6 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 12 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 12 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- test/datadog/baseline/other_default.yaml | 86 +++++++++---------- 14 files changed, 80 insertions(+), 78 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 3e2358e4d..30e9414a1 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.2 + +* Deprecate `webhookEnabled` flag for 1.7.0. + ## 1.8.1 * Configure tool version. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 7893e07b7..3fe79b35d 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.1 +version: 1.8.2 appVersion: 1.7.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index f3caacfbc..730bd0d32 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.2](https://img.shields.io/badge/Version-1.8.2-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index ab52e0741..b22ab2921 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -102,10 +102,8 @@ spec: - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" - "-operatorMetricsEnabled={{ .Values.operatorMetricsEnabled }}" - {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) }} + {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) (semverCompare "<1.7.0-0" .Values.image.tag ) }} - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" - {{- else }} - - "-webhookEnabled=false" {{- end }} {{- if .Values.secretBackend.command }} - "-secretBackendCommand={{ .Values.secretBackend.command }}" diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index df136809e..17ce4a24f 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -135,6 +135,8 @@ datadogCRDs: datadogMonitors: true # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false + + # v1alpha1 to v2alpha1 CRD conversion is deprecated in v1.7.0 migration: datadogAgents: conversionWebhook: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 1dc054626..93916c131 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.1 + helm.sh/chart: datadog-operator-1.8.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm @@ -54,7 +54,6 @@ spec: - "-metrics-addr=:8383" - "-loglevel=info" - "-operatorMetricsEnabled=true" - - "-webhookEnabled=false" - "-introspectionEnabled=false" - "-datadogAgentProfileEnabled=false" - "-datadogMonitorEnabled=false" diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 9c56c98e1..994918129 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.1 + helm.sh/chart: datadog-operator-1.8.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm @@ -54,7 +54,6 @@ spec: - "-metrics-addr=:8383" - "-loglevel=info" - "-operatorMetricsEnabled=true" - - "-webhookEnabled=true" - "-introspectionEnabled=false" - "-datadogAgentProfileEnabled=false" - "-datadogMonitorEnabled=false" diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index f249ce9aa..eb59e42c2 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -132,7 +132,7 @@ func verifyDeployment(t *testing.T, manifest string) { operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) assert.Equal(t, "gcr.io/datadoghq/operator:1.7.0", operatorContainer.Image) - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") + assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") } func verifyDeploymentCertSecretName(t *testing.T, manifest string) { @@ -155,14 +155,14 @@ func verifyConversionWebhookEnabledTrue(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) operatorContainer := deployment.Spec.Template.Spec.Containers[0] - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=true") + assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } func verifyConversionWebhookEnabledFalse(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) operatorContainer := deployment.Spec.Template.Spec.Containers[0] - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") + assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") } func verifyAll(t *testing.T, manifest string) { diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index cd4e8f364..cf3765eb8 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 3459e971a8ca6563795d449c569bef1d0cb8d8038bb60cc2ca805b61c2f2db26 - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/clusteragent_token: 069db2ec698bcaa67b89f1c9f4c2bde19524fc27f5ff38e48ddd50a7396c1deb + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index ba9df9dfe..4081f1184 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4122a08135d1943b564119d27d6f9815b3323c3646663257d7dd24962e6df266 - checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 - checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 + checksum/clusteragent_token: ae5af2b02cd4118071f87616925f9e9e40d0538d839c48ec1b5fac59891ff5f0 + checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 + checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -192,7 +192,7 @@ spec: startupProbe: failureThreshold: 6 httpGet: - path: /live + path: /startup port: 5556 scheme: HTTP initialDelaySeconds: 15 diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 1a1890181..ac8da5676 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 3866496aa7bdfa37da999d8aee1996caa9abfa70b312ecd5438a3b03134b1ec6 - checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 - checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 + checksum/clusteragent_token: 1a7cb90befea2491d1c6a8130d6f68c95df649ec39130082be46fa51a4a7649f + checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 + checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index fff2bd021..a4b925370 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: da0754a7afd92073e09fdd53304b8a3f73d07f26c41f56de654dae7863400d33 - checksum/clusteragent-configmap: 80a9c13662500ea03119b6b8dda56d052531ff50d984e940ea12154216366835 - checksum/api_key: 2ef8b628066c8d58e91d72385732a044c160dd44704d385170e2b045d98e05f7 + checksum/clusteragent_token: 5713aa2056d9abb340e2aa850d5965658427ed7ec23832dc9585cd72e645f82e + checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 + checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -202,7 +202,7 @@ spec: startupProbe: failureThreshold: 6 httpGet: - path: /live + path: /startup port: 5556 scheme: HTTP initialDelaySeconds: 15 diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index c3b1b487a..9a4cdb9a3 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 6f8939afb1a8bca4c40c75a43a7e0b7995b0832814af2ba85a32bd891f20d0c6 - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/clusteragent_token: 8e025d9856e7b47c2c097e03a08497c52f658409cd8ef3c1c82f812e616a9e75 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 82bee22cf..d1804b6c6 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.66.0" + chart: "datadog-3.67.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.66.0" + chart: "datadog-3.67.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "QWc0RHFMaWI0bEtnQUV6bmRJZXFoNUVqNXZqVUhSWlU=" + token: "SEpYaDg2aGVaRGxQMXZwQmtpbFF3N2dhMVBxalBkbDg=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.66.0 + installer_version: datadog-3.67.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "3120a1cd-f8ce-4480-a24e-c28ed115ee41" - install_time: "1718641163" + install_id: "75d14d26-3a27-48a2-a15e-19dc24ff26cd" + install_time: "1719929668" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.66.0" + chart: "datadog-3.67.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.66.0" + chart: "datadog-3.67.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: e12e2eb2a4be1f1b8a29859f60fc96c130a9a5948f151b31dc43aeb993333ba3 - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/clusteragent_token: 5e3bcaa1abe5a4446d86f353dc66b076d2d91355fc30e40a0edb3085578bf818 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1293,7 +1293,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1323,8 +1323,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0a20b03220af60fbb374c64b77fea29760e35efce754ee9f67534c48259a378a - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/clusteragent_token: d1c635a8c97cb19250c65ef2c3ecf58f93c4a71427db8b52b62e21f25aacc218 + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1450,7 +1450,7 @@ spec: startupProbe: failureThreshold: 6 httpGet: - path: /live + path: /startup port: 5557 scheme: HTTP initialDelaySeconds: 15 @@ -1484,7 +1484,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.66.0' + helm.sh/chart: 'datadog-3.67.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1514,9 +1514,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: f89f726a8377f719975f1938011cad0013d557f9eda2b2c366a8f173d1481541 - checksum/clusteragent-configmap: 55c5054d57dfce4e0394edaea52e4a1812a89b51feeace892f9ca30f98785450 - checksum/install_info: 4b7ec9616456fc79cafc6e8f64bda4671d2b86f7e48196ab808e5edc4d2e42b8 + checksum/clusteragent_token: d1c6966977a4567d120221c50fc5d86000fc27324326176099a933227e1fa821 + checksum/clusteragent-configmap: c3e3b0964181fe36b22747721acaa9ebcb9505fa4cb9a3f9cce6a3b7091015bb + checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 6c7092578eb6216dcc3ba804e8900cbae9ae2556 Mon Sep 17 00:00:00 2001 From: JacksonDavenport Date: Wed, 3 Jul 2024 02:02:07 -0700 Subject: [PATCH 074/209] Remove startup probe for Agent in GKE AutoPilot due to deployment restrictions (#1440) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e6eeab773..5904f6c9e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.2 + +* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions + ## 3.67.1 * Update `fips.image.tag` to `1.1.3` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9e7bcf65e..d1cf4ee72 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.1 +version: 3.67.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4cf7085f5..2733afb31 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.1](https://img.shields.io/badge/Version-3.67.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.2](https://img.shields.io/badge/Version-3.67.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 787741a2c..f52a7b386 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -330,7 +330,9 @@ readinessProbe: {{- $ready := .Values.agents.containers.agent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 4 }} +{{- if (not .Values.providers.gke.autopilot) }} startupProbe: {{- $startup := .Values.agents.containers.agent.startupProbe }} {{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 4 }} +{{- end }} {{- end -}} From 3f840ea726f1a81e17f653da128baedaabcb6328 Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Wed, 3 Jul 2024 17:16:38 +0200 Subject: [PATCH 075/209] Add rbac for the leader election lease (#1441) --- charts/extended-daemon-set/CHANGELOG.md | 4 ++++ charts/extended-daemon-set/Chart.yaml | 2 +- charts/extended-daemon-set/README.md | 2 +- charts/extended-daemon-set/templates/role.yaml | 16 ++++++++++++++++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/extended-daemon-set/CHANGELOG.md b/charts/extended-daemon-set/CHANGELOG.md index a5242cee5..bbeaaaaec 100644 --- a/charts/extended-daemon-set/CHANGELOG.md +++ b/charts/extended-daemon-set/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.2 + +* Add RBAC for the leader election lease. + ## 0.3.1 * Migrate from `kubeval` to `kubeconform` for ci chart validation. diff --git a/charts/extended-daemon-set/Chart.yaml b/charts/extended-daemon-set/Chart.yaml index b8cc49934..945339125 100644 --- a/charts/extended-daemon-set/Chart.yaml +++ b/charts/extended-daemon-set/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v0.8.0 description: Extended Daemonset Controller name: extendeddaemonset -version: v0.3.1 +version: v0.3.2 keywords: - monitoring - alerting diff --git a/charts/extended-daemon-set/README.md b/charts/extended-daemon-set/README.md index 26b39da47..3b6fe627c 100644 --- a/charts/extended-daemon-set/README.md +++ b/charts/extended-daemon-set/README.md @@ -1,6 +1,6 @@ # Extended DaemonSet -![Version: v0.3.1](https://img.shields.io/badge/Version-v0.3.1-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) +![Version: v0.3.2](https://img.shields.io/badge/Version-v0.3.2-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) This chart installs the Extended DaemonSet (EDS). It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. diff --git a/charts/extended-daemon-set/templates/role.yaml b/charts/extended-daemon-set/templates/role.yaml index b24a5984a..5e0bac3a8 100644 --- a/charts/extended-daemon-set/templates/role.yaml +++ b/charts/extended-daemon-set/templates/role.yaml @@ -34,6 +34,22 @@ rules: - update - get - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - extendeddaemonset-lock + verbs: + - update + - get + - watch - apiGroups: - "" resources: From 210589b57ac89918a02acae82d860d0db9080c56 Mon Sep 17 00:00:00 2001 From: Benoit Ruiz Date: Thu, 4 Jul 2024 17:40:42 +0200 Subject: [PATCH 076/209] [synthetics] Bump to 0.16.4 with PL 1.49.0 (#1444) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index a5d6cfb53..174e36ff7 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.16.4 + +* Update private location image version to `1.49.0`. + ## 0.16.3 * Add dnsConfig to DD private location Pod diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 2e5eb7260..138c43982 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.16.3 -appVersion: 1.48.0 +version: 0.16.4 +appVersion: 1.49.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 5ac2aceea..c8a0557e5 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.16.3](https://img.shields.io/badge/Version-0.16.3-informational?style=flat-square) ![AppVersion: 1.48.0](https://img.shields.io/badge/AppVersion-1.48.0-informational?style=flat-square) +![Version: 0.16.4](https://img.shields.io/badge/Version-0.16.4-informational?style=flat-square) ![AppVersion: 1.49.0](https://img.shields.io/badge/AppVersion-1.49.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.48.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.49.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index bdd242407..df9fe525c 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.48.0 + tag: 1.49.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From e69bb42c8418ac9947e714038dbf29b3b747ffca Mon Sep 17 00:00:00 2001 From: Paul Cacheux Date: Tue, 9 Jul 2024 16:23:56 +0200 Subject: [PATCH 077/209] make sure that disabling CSPM host benchmarks is propagated to the agent (#1446) * make sure that disabling CSPM host benchmarks is propagated to the agent * enable host benchmarks by default * apply review suggestion Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/_container-security-agent.yaml | 6 ++---- charts/datadog/values.yaml | 4 ++-- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5904f6c9e..04498caa4 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.3 + +* Make sure that disabling CSPM host benchmarks is propagated to the agent. + ## 3.67.2 * Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d1cf4ee72..7904f8495 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.2 +version: 3.67.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 2733afb31..2e50fb1de 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.2](https://img.shields.io/badge/Version-3.67.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.3](https://img.shields.io/badge/Version-3.67.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -793,7 +793,7 @@ helm install \ | datadog.securityAgent.compliance.checkInterval | string | `"20m"` | Compliance check run interval | | datadog.securityAgent.compliance.configMap | string | `nil` | Contains CSPM compliance benchmarks that will be used | | datadog.securityAgent.compliance.enabled | bool | `false` | Set to true to enable Cloud Security Posture Management (CSPM) | -| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `false` | Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container) | +| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `true` | Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) | | datadog.securityAgent.compliance.xccdf.enabled | bool | `false` | | | datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout | int | `20` | Set to the desired duration of a single container tracing (in minutes) | | datadog.securityAgent.runtime.activityDump.cgroupWaitListSize | int | `0` | Set to the size of the wait list for already traced containers | diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index 49d65f8ed..0a6be843e 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -34,12 +34,10 @@ {{- if .Values.datadog.securityAgent.compliance.enabled }} - name: DD_COMPLIANCE_CONFIG_CHECK_INTERVAL value: {{ .Values.datadog.securityAgent.compliance.checkInterval | quote }} - {{- if or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled }} - name: DD_COMPLIANCE_CONFIG_XCCDF_ENABLED - value: "true" + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED - value: "true" - {{- end }} + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: HOST_ROOT value: /host/root {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d7e14114a..de9855e1a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -776,9 +776,9 @@ datadog: xccdf: enabled: false - # datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container) + # datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) host_benchmarks: - enabled: false + enabled: true runtime: # datadog.securityAgent.runtime.enabled -- Set to true to enable Cloud Workload Security (CWS) From 897a7a119b58187793a0378ac484c3ff410daeaa Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Tue, 9 Jul 2024 15:48:22 -0400 Subject: [PATCH 078/209] Add image.doNotCheckTag to operator chart (#1432) * Add image.doNotCheckTag * update baselines * update baselines * fix additional image tags * fix linter errors --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +- charts/datadog-operator/templates/NOTES.txt | 7 +- .../datadog-operator/templates/_helpers.tpl | 11 +++ .../templates/deployment.yaml | 17 ++-- charts/datadog-operator/values.yaml | 2 + .../baseline/Operator_Deployment_default.yaml | 2 +- .../Operator_Deployment_with_certManager.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- 15 files changed, 98 insertions(+), 78 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 30e9414a1..2c144a368 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.3 + +* Add `image.doNotCheckTag` option to permit skipping operator image tag compatibility. + ## 1.8.2 * Deprecate `webhookEnabled` flag for 1.7.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 3fe79b35d..63d3e7430 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.2 +version: 1.8.3 appVersion: 1.7.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 730bd0d32..84ccef466 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.2](https://img.shields.io/badge/Version-1.8.2-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.3](https://img.shields.io/badge/Version-1.8.3-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values @@ -30,6 +30,7 @@ | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | env | list | `[]` | Define any environment variables to be passed to the operator. | | fullnameOverride | string | `""` | | +| image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | | image.tag | string | `"1.7.0"` | Define the Datadog Operator version to use | diff --git a/charts/datadog-operator/templates/NOTES.txt b/charts/datadog-operator/templates/NOTES.txt index a6fea9c5d..62d6d657f 100644 --- a/charts/datadog-operator/templates/NOTES.txt +++ b/charts/datadog-operator/templates/NOTES.txt @@ -1,3 +1,4 @@ +{{ $version := include "check-image-tag" . }} {{- if .Values.datadogMonitor.enabled }} {{- if (and ( not .Values.apiKeyExistingSecret) (not .Values.apiKey)) }} ############################################################################## @@ -21,7 +22,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} -{{- if (semverCompare "<1.0.0-rc.13" .Values.image.tag) }} +{{- if (semverCompare "<1.0.0-rc.13" $version) }} {{- if (not .Values.datadogAgent.enabled) }} ############################################################################## #### WARNING: Unsupported parameter datadogAgent.enabled. #### @@ -41,7 +42,7 @@ Setting a value will not change the default defined in the Operator. {{- end }} {{- end }} -{{- if (semverCompare ">=1.0.0" .Values.image.tag) }} +{{- if (semverCompare ">=1.0.0" $version) }} {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} ############################################################################## #### WARNING: v1alpha1 and conversion webhook deprecation. #### @@ -56,6 +57,6 @@ See the migration page for instructions on migrating to v2alpha1: https://docs.d {{- end }} -{{- if not (and (semverCompare ">=1.0.0-0" .Values.image.tag) (eq .Values.datadogCRDs.migration.datadogAgents.version "v2alpha1")) }} +{{- if not (and (semverCompare ">=1.0.0-0" $version) (eq .Values.datadogCRDs.migration.datadogAgents.version "v2alpha1")) }} {{- fail "The Datadog Operator `1.0.0` reconciles `DatadogAgent` versions `v2alpha1`. Using an old version of the Datadog Operator (< 1.0.0) with the new version of the DatadogAgent Customer Resource, or the Datadog Operator `1.X` with the `v1alpha1` as stored version of the DatadogAgent is not supported. If you are using a DatadogAgent `v1alpha1`, refer to the Migration Steps: https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/README.md#migrating-to-the-version-10-of-the-datadog-operator."}} {{- end }} diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 640d1b321..c5a5d370a 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -76,4 +76,15 @@ Return the appropriate apiVersion for PodDisruptionBudget policy APIs. {{- else -}} "policy/v1beta1" {{- end -}} +{{- end -}} + +{{/* +Check operator image tag version. +*/}} +{{- define "check-image-tag" -}} +{{- if not .Values.image.doNotCheckTag -}} +{{- .Values.image.tag -}} +{{- else -}} +{{ "1.7.0" }} +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index b22ab2921..a9db0535f 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -62,7 +62,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - {{- if (semverCompare ">=1.7.0-0" .Values.image.tag) }} + {{- $version := include "check-image-tag" . }} + {{- if (semverCompare ">=1.7.0-0" $version) }} - name: DD_TOOL_VERSION value: {{ .Values.toolVersion | default "helm" }} {{- end }} @@ -102,7 +103,7 @@ spec: - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" - "-operatorMetricsEnabled={{ .Values.operatorMetricsEnabled }}" - {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) (semverCompare "<1.7.0-0" .Values.image.tag ) }} + {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" $version ) (semverCompare "<1.7.0-0" $version ) }} - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" {{- end }} {{- if .Values.secretBackend.command }} @@ -111,23 +112,23 @@ spec: {{- if .Values.secretBackend.arguments }} - "-secretBackendArgs={{ .Values.secretBackend.arguments }}" {{- end }} - {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} + {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" $version) }} - "-maximumGoroutines={{ .Values.maximumGoroutines }}" {{- end }} - {{- if (semverCompare ">=1.4.0" .Values.image.tag) }} + {{- if (semverCompare ">=1.4.0" $version) }} - "-introspectionEnabled={{ .Values.introspection.enabled }}" {{- end }} - {{- if (semverCompare ">=1.5.0" .Values.image.tag) }} + {{- if (semverCompare ">=1.5.0" $version) }} - "-datadogAgentProfileEnabled={{ .Values.datadogAgentProfile.enabled }}" {{- end }} - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" - {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} + {{- if (semverCompare ">=1.0.0-rc.13" $version) }} - "-datadogAgentEnabled={{ .Values.datadogAgent.enabled }}" {{- end }} - {{- if (semverCompare ">=1.3.0" .Values.image.tag) }} + {{- if (semverCompare ">=1.3.0" $version) }} - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" {{- end }} - {{- if (semverCompare ">=1.7.0" .Values.image.tag) }} + {{- if (semverCompare ">=1.7.0" $version) }} - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" {{- end }} ports: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 17ce4a24f..63d8c985c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -50,6 +50,8 @@ image: tag: 1.7.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent + # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. + doNotCheckTag: false # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) imagePullSecrets: [] # nameOverride -- Override name of app diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 93916c131..85c4b265a 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.2 + helm.sh/chart: datadog-operator-1.8.3 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 994918129..9b8f96395 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.2 + helm.sh/chart: datadog-operator-1.8.3 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index cf3765eb8..6643d7b8e 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 069db2ec698bcaa67b89f1c9f4c2bde19524fc27f5ff38e48ddd50a7396c1deb - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/clusteragent_token: 940bb7a00150569c15840feeeaa4ec5f054ab8a9c543fd9c717853ef86408928 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 4081f1184..4029874cb 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: ae5af2b02cd4118071f87616925f9e9e40d0538d839c48ec1b5fac59891ff5f0 - checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 - checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 + checksum/clusteragent_token: 41016e2dccdc8ec14bc77b12fa837798cf9b49d6ec33b982f38a9357bfcdb015 + checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e + checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index ac8da5676..b97ac6ed9 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1a7cb90befea2491d1c6a8130d6f68c95df649ec39130082be46fa51a4a7649f - checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 - checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 + checksum/clusteragent_token: e49cae63816f935069ef6f12fb6355438b1303e5e141b5a7141baacf2d5d819b + checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e + checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a4b925370..a836c6d99 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5713aa2056d9abb340e2aa850d5965658427ed7ec23832dc9585cd72e645f82e - checksum/clusteragent-configmap: a1e9c6d1f6172ad93ca80c0147d290e062884cc9b382704c810a69558b8ffbb0 - checksum/api_key: 699863a8973b857c1696d886d81b3ce41de19c2150137633920651fc82f50138 + checksum/clusteragent_token: 7a0ca4e15723140df2c3fc4bf3aac52589061ce45538b1db674ddcc72273e0b4 + checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e + checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 9a4cdb9a3..38ded4ac3 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 8e025d9856e7b47c2c097e03a08497c52f658409cd8ef3c1c82f812e616a9e75 - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/clusteragent_token: 287b49c857ea99e60a036ce189b6d1b59cb4a00baae0607a6b1b463ba2ea6613 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index d1804b6c6..b0ced5846 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.67.1" + chart: "datadog-3.67.3" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.67.1" + chart: "datadog-3.67.3" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "SEpYaDg2aGVaRGxQMXZwQmtpbFF3N2dhMVBxalBkbDg=" + token: "QUFveTdyd21RNU1ZUUhkTlJxSVRZSkJFdTdwdnVrVHQ=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.67.1 + installer_version: datadog-3.67.3 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "75d14d26-3a27-48a2-a15e-19dc24ff26cd" - install_time: "1719929668" + install_id: "4e30aa1a-8ec7-4190-808c-beaa484cd1be" + install_time: "1720546349" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.67.1" + chart: "datadog-3.67.3" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.67.1" + chart: "datadog-3.67.3" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 5e3bcaa1abe5a4446d86f353dc66b076d2d91355fc30e40a0edb3085578bf818 - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/clusteragent_token: 9ef97dddd1e5b1a58467f956443bb44b5cc254b773babc64f396c7084c983245 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1293,7 +1293,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1323,8 +1323,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d1c635a8c97cb19250c65ef2c3ecf58f93c4a71427db8b52b62e21f25aacc218 - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/clusteragent_token: 34e2ad428259e9338b0aba3854c49fe82fca0bf62a56104652c011f6381d5140 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1484,7 +1484,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.1' + helm.sh/chart: 'datadog-3.67.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1514,9 +1514,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d1c6966977a4567d120221c50fc5d86000fc27324326176099a933227e1fa821 - checksum/clusteragent-configmap: c3e3b0964181fe36b22747721acaa9ebcb9505fa4cb9a3f9cce6a3b7091015bb - checksum/install_info: 1cd47b2b7692889d599ad2357593b299f57b541f4c1b30a509b656426a673a81 + checksum/clusteragent_token: f4606476ef366e0c3fab79dde5c5c9bd3970824b6e48d4dd61dce484d892a491 + checksum/clusteragent-configmap: 3e05961e3055e7f00a5c6765d16eb843b13277b0201f232957d2fb832d7a2f64 + checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From ad02ce8c1009883d075d4846ee673a6256464def Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Wed, 10 Jul 2024 10:26:52 +0200 Subject: [PATCH 079/209] Configure security context for the seccomp-setup initContainer (#1445) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_system-probe-init.yaml | 3 +++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 04498caa4..260a4567b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.4 + +* Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. + ## 3.67.3 * Make sure that disabling CSPM host benchmarks is propagated to the agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7904f8495..133aecc0b 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.3 +version: 3.67.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 2e50fb1de..d7dba9cd3 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.3](https://img.shields.io/badge/Version-3.67.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.4](https://img.shields.io/badge/Version-3.67.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_system-probe-init.yaml b/charts/datadog/templates/_system-probe-init.yaml index 99b1f4fbf..cfea181fc 100644 --- a/charts/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/templates/_system-probe-init.yaml @@ -1,5 +1,8 @@ {{- define "system-probe-init" -}} - name: seccomp-setup +{{- if not .Values.providers.gke.autopilot }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: From 0a8482703d0712e48578cd3f685e61959f1ef772 Mon Sep 17 00:00:00 2001 From: Vladimir Zhuk <52405651+vladimir-dd@users.noreply.github.com> Date: Wed, 10 Jul 2024 17:53:08 +0200 Subject: [PATCH 080/209] [OPA-2008] Upgrade OPW helm chart to use to 2.1.0 image (#1447) --- charts/observability-pipelines-worker/CHANGELOG.md | 6 +++++- charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 0216d1c44..a2558f499 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog -## 2.0.1 +## 2.1.0 + +* Official image `2.1.0` + +## 2.0.2 * Official image `2.0.2` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 589bf8b7c..ec520d387 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.0.2" +version: "2.1.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.0.2" +appVersion: "2.1.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index ee907d892..54d70c4f0 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.0.2](https://img.shields.io/badge/Version-2.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.2](https://img.shields.io/badge/AppVersion-2.0.2-informational?style=flat-square) +![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.0.2"` | Specify the image tag to use. | +| image.tag | string | `"2.1.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index e3c3de235..248ec3f00 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.0.2 + tag: 2.1.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 6267ea9d29e3b4df7120fa131b01fcbfdb28db8e Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Wed, 10 Jul 2024 15:56:30 -0400 Subject: [PATCH 081/209] [PROCS-3709] Add support to run process checks in core agent (#1439) * Support running process checks in core agent * Restore _helpers.tpl * Update docs * Minor updates * Update docs * Remove config guard for processes envs --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 6 ++++++ .../templates/_container-process-agent.yaml | 11 +---------- .../templates/_daemonset-volumes-linux.yaml | 2 +- .../templates/_processes-common-env.yaml | 17 +++++++++++++++++ charts/datadog/values.yaml | 5 +++++ 8 files changed, 37 insertions(+), 13 deletions(-) create mode 100644 charts/datadog/templates/_processes-common-env.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 260a4567b..63e58acb7 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.67.5 + +* Add support for `processAgent.runInCoreAgent` as an experimental feature. + ## 3.67.4 * Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 133aecc0b..693f1f490 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.4 +version: 3.67.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d7dba9cd3..dbc39b419 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.4](https://img.shields.io/badge/Version-3.67.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.67.5](https://img.shields.io/badge/Version-3.67.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -775,6 +775,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection in process monitoring agent | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. # If Network Performance Monitoring is not being used, processAgent.enabled should be set to false to remove the process-agent container. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index f52a7b386..c74281d14 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -58,6 +58,7 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} + {{- include "processes-common-envs" . | nindent 4 }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -248,6 +249,11 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true + {{- if .Values.datadog.processAgent.runInCoreAgent }} + - name: passwd + mountPath: /etc/passwd + readOnly: true + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index b69179bbc..21114b753 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -28,16 +28,7 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} - {{- if .Values.datadog.processAgent.processCollection }} - - name: DD_PROCESS_AGENT_ENABLED - value: "true" - {{- end }} - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: {{ .Values.datadog.processAgent.processDiscovery | quote }} - {{- if .Values.datadog.processAgent.stripProcessArguments }} - - name: DD_STRIP_PROCESS_ARGS - value: "true" - {{- end }} + {{- include "processes-common-envs" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - name: DD_SYSTEM_PROBE_ENABLED diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 636503362..92b48ad2b 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -137,7 +137,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or .Values.datadog.processAgent.enabled (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if or .Values.datadog.processAgent.enabled .Values.datadog.processAgent.runInCoreAgent (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} - hostPath: path: /etc/passwd name: passwd diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml new file mode 100644 index 000000000..95b249bdf --- /dev/null +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -0,0 +1,17 @@ +# Defines set of environment variables for Processes-related checks. +{{- define "processes-common-envs" -}} +{{- if .Values.datadog.processAgent.processCollection }} +- name: DD_PROCESS_AGENT_ENABLED + value: "true" +{{- end }} +- name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: {{ .Values.datadog.processAgent.processDiscovery | quote }} +{{- if .Values.datadog.processAgent.stripProcessArguments }} +- name: DD_STRIP_PROCESS_ARGS + value: "true" +{{- end }} +{{- if eq .Values.targetSystem "linux" }} +- name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: {{ .Values.datadog.processAgent.runInCoreAgent | quote }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index de9855e1a..f01492d48 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -624,6 +624,11 @@ datadog: # datadog.processAgent.processDiscovery -- Enables or disables autodiscovery of integrations processDiscovery: true + # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. + ## This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. + ## If Network Performance Monitoring is not being used, processAgent.enabled should be set to false to remove the process-agent container. + runInCoreAgent: false + # datadog.osReleasePath -- Specify the path to your os-release file osReleasePath: /etc/os-release From aec9e19084f5f9e1c8aa6d0dab401e13d116b548 Mon Sep 17 00:00:00 2001 From: Steven Blumenthal Date: Mon, 15 Jul 2024 12:34:33 -0400 Subject: [PATCH 082/209] Set default (cluster-)agent version to 7.55.1 (#1456) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 63e58acb7..4f9e16d6d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.68.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.1`. + ## 3.67.5 * Add support for `processAgent.runInCoreAgent` as an experimental feature. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 693f1f490..86d99a5c3 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.67.5 +version: 3.68.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index dbc39b419..0bd9916de 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.67.5](https://img.shields.io/badge/Version-3.67.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.68.0](https://img.shields.io/badge/Version-3.68.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -509,7 +509,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.54.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.55.1"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -584,7 +584,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.54.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.55.1"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -636,7 +636,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.54.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.55.1"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f01492d48..5a6e72ad7 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -940,7 +940,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.54.0 + tag: 7.55.1 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1433,7 +1433,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.54.0 + tag: 7.55.1 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1910,7 +1910,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.54.0 + tag: 7.55.1 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From d661a029e9dafb231f703dce5f579256d2e87f2f Mon Sep 17 00:00:00 2001 From: Pavel Storozhenko Date: Wed, 17 Jul 2024 12:16:18 +0200 Subject: [PATCH 083/209] [synthetics] Add support for PDB for private location deployment (#1459) * feat(synthetics): add pdb support for private locations * feat(synthetics): add pdb support for private locations --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 3 ++- .../templates/_helpers.tpl | 11 +++++++++++ .../templates/pdb.yaml | 17 +++++++++++++++++ charts/synthetics-private-location/values.yaml | 6 ++++++ 6 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 charts/synthetics-private-location/templates/pdb.yaml diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 174e36ff7..3c657877d 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.0 + +* Add `podDisruptionBudget` to allow creating and configuring PodDisruptionBudget for deployment. + ## 0.16.4 * Update private location image version to `1.49.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 138c43982..903ae6744 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.16.4 +version: 0.17.0 appVersion: 1.49.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index c8a0557e5..f824b1ae2 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.16.4](https://img.shields.io/badge/Version-0.16.4-informational?style=flat-square) ![AppVersion: 1.49.0](https://img.shields.io/badge/AppVersion-1.49.0-informational?style=flat-square) +![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square) ![AppVersion: 1.49.0](https://img.shields.io/badge/AppVersion-1.49.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -46,6 +46,7 @@ helm install datadog/synthetics-private-location --set-file confi | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | +| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Allows to create and configure PodDisruptionBudget for Datadog Synthetics Private Location deployment | | podLabels | object | `{}` | Labels to be placed on pods managed by the deployment | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | | priorityClassName | string | `""` | Allows to specify PriorityClass for Datadog Synthetics Private Location PODs | diff --git a/charts/synthetics-private-location/templates/_helpers.tpl b/charts/synthetics-private-location/templates/_helpers.tpl index 48469bb11..a053a40ce 100644 --- a/charts/synthetics-private-location/templates/_helpers.tpl +++ b/charts/synthetics-private-location/templates/_helpers.tpl @@ -63,3 +63,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Return the appropriate apiVersion for PodDisruptionBudget policy APIs. +*/}} +{{- define "policy.poddisruptionbudget.apiVersion" -}} +{{- if or (.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") (semverCompare ">=1.21" .Capabilities.KubeVersion.Version) -}} +"policy/v1" +{{- else -}} +"policy/v1beta1" +{{- end -}} +{{- end -}} diff --git a/charts/synthetics-private-location/templates/pdb.yaml b/charts/synthetics-private-location/templates/pdb.yaml new file mode 100644 index 000000000..5cc5ed0ae --- /dev/null +++ b/charts/synthetics-private-location/templates/pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.podDisruptionBudget.enabled -}} +apiVersion: {{ template "policy.poddisruptionbudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "synthetics-private-location.fullname" . }} + labels: + {{- include "synthetics-private-location.labels" . | nindent 4 }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: {{- include "synthetics-private-location.selectorLabels" . | nindent 6 }} +{{- end -}} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index df9fe525c..dceffe2e3 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -124,3 +124,9 @@ enableStatusProbes: false # priorityClassName -- Allows to specify PriorityClass for Datadog Synthetics Private Location PODs priorityClassName: "" + +# podDisruptionBudget -- Allows to create and configure PodDisruptionBudget for Datadog Synthetics Private Location deployment +podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 From 38a500ea6c40063110d11ba2915c08630eefb950 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:43:43 -0400 Subject: [PATCH 084/209] [PROCS-4201] Add automatic detection for enabling the process agent container (#1451) * Support running process checks in core agent * Restore _helpers.tpl * Add process agent helper * Update docs and volume mounts * Update charts/datadog/values.yaml Co-authored-by: Celene * Update charts/datadog/values.yaml Co-authored-by: Celene * Update docs * Add version helper * Update version * combine helpers * fix * Add more version tests --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 11 +- .../templates/_container-process-agent.yaml | 2 +- .../templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 63 ++- .../templates/_processes-common-env.yaml | 12 +- charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 16 +- test/datadog/process_agent_test.go | 420 ++++++++++++++++++ 10 files changed, 492 insertions(+), 42 deletions(-) create mode 100644 test/datadog/process_agent_test.go diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 4f9e16d6d..d6e0f9855 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.68.1 + +* Add automatic detection for enablement of process agent container. + ## 3.68.0 * Set default `Agent` and `Cluster-Agent` version to `7.55.1`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 86d99a5c3..749e6a28c 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.68.0 +version: 3.68.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0bd9916de..60bb3427a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.68.0](https://img.shields.io/badge/Version-3.68.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.68.1](https://img.shields.io/badge/Version-3.68.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -772,11 +772,12 @@ helm install \ | datadog.otlp.receiver.protocols.http.useHostPort | bool | `true` | Enable the Host Port for the OTLP/HTTP endpoint | | datadog.podAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Annotations to Datadog Tags | | datadog.podLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Labels to Datadog Tags | -| datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent | -| datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection in process monitoring agent | +| datadog.processAgent.containerCollection | bool | `true` | Set this to true to enable container collection # ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm | +| datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | +| datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. # If Network Performance Monitoring is not being used, processAgent.enabled should be set to false to remove the process-agent container. | -| datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. | +| datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index 21114b753..baeccc41a 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -79,7 +79,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery}} + {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.processAgent.containerCollection}} - name: passwd mountPath: /etc/passwd readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 92b48ad2b..dfada4947 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -137,7 +137,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or .Values.datadog.processAgent.enabled .Values.datadog.processAgent.runInCoreAgent (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if or (eq (include "process-checks-enabled" .) "true") .Values.datadog.processAgent.runInCoreAgent (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} - hostPath: path: /etc/passwd name: passwd diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 78d6298f9..9b401a4f8 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -1,18 +1,24 @@ {{/* vim: set filetype=mustache: */}} -{{- define "check-version" -}} -{{- if not .Values.agents.image.doNotCheckTag -}} +{{/* + Returns node agent version based on image tag. This assumes `agents.image.doNotCheckTag` is false. +*/}} +{{- define "get-agent-version" -}} {{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} {{- $length := len (split "." $version) -}} {{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.36.0" -}} +{{- $version = "6.55.1" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.36.0" -}} +{{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} +{{- $version = "7.55.1" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.36.0" -}} +{{- $version -}} {{- end -}} + + +{{- define "check-version" -}} +{{- if not .Values.agents.image.doNotCheckTag -}} +{{- $version := (include "get-agent-version" .) -}} {{- if not (semverCompare "^6.36.0-0 || ^7.36.0-0" $version) -}} {{- fail "This version of the chart requires an agent image 7.36.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} {{- end -}} @@ -45,17 +51,7 @@ false {{- define "agent-has-env-ad" -}} {{- if not .Values.agents.image.doNotCheckTag -}} -{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} -{{- $length := len (split "." $version) -}} -{{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.27.0" -}} -{{- end -}} +{{- $version := (include "get-agent-version" .) -}} {{- if semverCompare "^6.27.0-0 || ^7.27.0-0" $version -}} true {{- else -}} @@ -914,4 +910,35 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Return true if any process-related check is enabled +*/}} +{{- define "process-checks-enabled" -}} + {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.apm.instrumentation.language_detection.enabled -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} +{{/* + Returns true if the process-agent container should be created. +*/}} +{{- define "should-enable-process-agent" -}} + {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} + true + {{- else if and (eq .Values.targetSystem "windows") (eq (include "process-checks-enabled" .) "true") -}} + true + {{- else if not .Values.agents.image.doNotCheckTag -}} + {{- $version := (include "get-agent-version" .) -}} + {{- if and (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" $version) -}} + true + {{- else if and .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" $version) -}} + false + {{- else -}} + {{- include "process-checks-enabled" . -}} + {{- end -}} + {{- else -}} + {{- include "process-checks-enabled" . -}} + {{- end -}} +{{- end -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 95b249bdf..016d744ac 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,15 +1,13 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} -{{- if .Values.datadog.processAgent.processCollection }} -- name: DD_PROCESS_AGENT_ENABLED - value: "true" -{{- end }} +- name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.processCollection | quote }} +- name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.containerCollection | quote }} - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: {{ .Values.datadog.processAgent.processDiscovery | quote }} -{{- if .Values.datadog.processAgent.stripProcessArguments }} - name: DD_STRIP_PROCESS_ARGS - value: "true" -{{- end }} + value: {{ .Values.datadog.processAgent.stripProcessArguments | quote }} {{- if eq .Values.targetSystem "linux" }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ .Values.datadog.processAgent.runInCoreAgent | quote }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 15c75d96b..a7b11977f 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: {{- if eq (include "should-enable-fips" .) "true" }} {{- include "fips-proxy" . | nindent 6 }} {{- end }} - {{- if .Values.datadog.processAgent.enabled }} + {{- if eq (include "should-enable-process-agent" .) "true" }} {{- include "container-process-agent" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 5a6e72ad7..c21dbd0cf 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -605,19 +605,16 @@ datadog: ## Enable process agent and provide custom configs processAgent: # datadog.processAgent.enabled -- Set this to true to enable live process monitoring agent - - ## Note: /etc/passwd is automatically mounted when `processCollection` or `processDiscovery` is enabled. + # DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. + ## Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset enabled: true - # datadog.processAgent.processCollection -- Set this to true to enable process collection in process monitoring agent - - ## Requires processAgent.enabled to be set to true to have any effect + # datadog.processAgent.processCollection -- Set this to true to enable process collection processCollection: false # datadog.processAgent.stripProcessArguments -- Set this to scrub all arguments from collected processes - - ## Requires processAgent.enabled and processAgent.processCollection to be set to true to have any effect + ## Requires datadog.processAgent.processCollection to be set to true to have any effect ## ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing stripProcessArguments: false @@ -626,9 +623,12 @@ datadog: # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. ## This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. - ## If Network Performance Monitoring is not being used, processAgent.enabled should be set to false to remove the process-agent container. runInCoreAgent: false + # datadog.processAgent.containerCollection -- Set this to true to enable container collection + ## ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm + containerCollection: true + # datadog.osReleasePath -- Specify the path to your os-release file osReleasePath: /etc/os-release diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go new file mode 100644 index 000000000..1b0693043 --- /dev/null +++ b/test/datadog/process_agent_test.go @@ -0,0 +1,420 @@ +package datadog + +import ( + "testing" + + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + + "github.com/DataDog/helm-charts/test/common" +) + +const ( + DDProcessCollectionEnabled = "DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED" + DDContainerCollectionEnabled = "DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED" + DDProcessDiscoveryEnabled = "DD_PROCESS_AGENT_DISCOVERY_ENABLED" + DDStripProcessArgs = "DD_STRIP_PROCESS_ARGS" + DDProcessRunInCoreAgentEnabled = "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" + DDSystemProbeEnabled = "DD_SYSTEM_PROBE_ENABLED" + DDNetworkMonitoringEnabled = "DD_SYSTEM_PROBE_NETWORK_ENABLED" + DDOrchestratorEnabled = "DD_ORCHESTRATOR_EXPLORER_ENABLED" +) + +func Test_processAgentConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + }, + }, + assertions: verifyDaemonsetMinimal, + }, + { + name: "default windows", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "targetSystem": "windows", + }, + }, + assertions: verifyDaemonsetMinimalWindows, + }, + { + name: "all checks off", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + }, + }, + assertions: verifyChecksOff, + }, + { + name: "only network monitoring enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.networkMonitoring.enabled": "true", + }, + }, + assertions: verifyOnlyNetworkMonitoringEnabled, + }, + { + name: "enable process checks in core agent -- linux with default version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, + { + name: "enable process checks in core agent -- linux with latest version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "latest", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, + { + name: "enable process checks in core agent -- linux with version 7", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, + { + name: "enable process checks in core agent -- windows", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "targetSystem": "windows", + "datadog.processAgent.runInCoreAgent": "true", + }, + }, + assertions: verifyDaemonsetMinimalWindows, + }, + { + name: "orchestrator enabled - latest version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.orchestratorExplorer.enabled": "true", + }, + }, + assertions: verifyOrchestratorEnabledLatest, + }, + { + name: "orchestrator enabled - old version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.orchestratorExplorer.enabled": "true", + "agents.image.tag": "7.50.0", + }, + }, + assertions: verifyOrchestratorEnabledOld, + }, + { + name: "enable process checks in core agent -- old version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", + }, + }, + assertions: verifyLinuxRunInCoreAgentOld, + }, + { + name: "enable process checks in core agent -- do not check image tag", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", + }, + }, + assertions: verifyLinuxRunInCoreAgentOld, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetMinimal(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyDaemonsetMinimalWindows(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "", coreEnvs[DDProcessRunInCoreAgentEnabled]) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "", processEnvs[DDProcessRunInCoreAgentEnabled]) +} + +func verifyLinuxRunInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyChecksOff(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyOnlyNetworkMonitoringEnabled(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertFalseCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDSystemProbeEnabled]) + assert.Equal(t, "true", processEnvs[DDNetworkMonitoringEnabled]) + assert.False(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyOrchestratorEnabledLatest(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyOrchestratorEnabledOld(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertFalseCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyLinuxRunInCoreAgentOld(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func getContainer(t *testing.T, containers []corev1.Container, name string) (corev1.Container, bool) { + for _, container := range containers { + if container.Name == name { + return container, true + } + } + return corev1.Container{}, false +} + +func assertDefaultCommonProcessEnvs(t *testing.T, envs map[string]string) { + assert.Equal(t, "true", envs[DDContainerCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", envs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", envs[DDStripProcessArgs]) +} + +func assertFalseCommonProcessEnvs(t *testing.T, envs map[string]string) { + assert.Equal(t, "false", envs[DDContainerCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", envs[DDStripProcessArgs]) +} + +func getPasswdMount(t *testing.T, volumeMounts []corev1.VolumeMount) bool { + for _, vm := range volumeMounts { + if vm.Name == "passwd" { + return true + } + } + return false +} + +func getEnvVarMap(envVars []corev1.EnvVar) map[string]string { + envVarMap := map[string]string{} + for _, envVar := range envVars { + envVarMap[envVar.Name] = envVar.Value + } + return envVarMap +} From b46720a3384eaabe658a8747a4134a99479cddd4 Mon Sep 17 00:00:00 2001 From: Tim Reddehase <697338+0robustus1@users.noreply.github.com> Date: Fri, 19 Jul 2024 09:21:22 +0200 Subject: [PATCH 085/209] support setting annotations on datadog-operator deployment (#1449) * support setting annotations on datadog-operator deployment This can be useful when interested in utilizing automatic restarter/rescheduler tools like stakater/reloader to perform a fresh rollout when a secret value (e.g. app key or api key) changes. --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +- .../templates/deployment.yaml | 4 + charts/datadog-operator/values.yaml | 3 + .../baseline/Operator_Deployment_default.yaml | 2 +- .../Operator_Deployment_with_certManager.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 14 +-- ...loyment_default_advanced_AC_injection.yaml | 14 +-- ...ployment_default_minimal_AC_injection.yaml | 16 +-- test/datadog/baseline/daemonset_default.yaml | 24 ++-- test/datadog/baseline/other_default.yaml | 112 ++++++++++-------- test/datadog/dca_AC_sidecar_test.go | 2 +- 14 files changed, 121 insertions(+), 93 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 2c144a368..942f0819d 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.4 + +* Add option to specify `deployment.annotations`. + ## 1.8.3 * Add `image.doNotCheckTag` option to permit skipping operator image tag compatibility. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 63d3e7430..33552f6a7 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.3 +version: 1.8.4 appVersion: 1.7.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 84ccef466..d7f4d11ba 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.3](https://img.shields.io/badge/Version-1.8.3-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.4](https://img.shields.io/badge/Version-1.8.4-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values @@ -28,6 +28,7 @@ | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | +| deployment.annotations | object | `{}` | Allows setting additional annotations for the deployment resource | | env | list | `[]` | Define any environment variables to be passed to the operator. | | fullnameOverride | string | `""` | | | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index a9db0535f..f4ee14e9b 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -3,6 +3,10 @@ kind: Deployment metadata: name: {{ include "datadog-operator.fullname" . }} namespace: {{ .Release.Namespace }} +{{- if .Values.deployment.annotations }} + annotations: +{{ toYaml .Values.deployment.annotations | indent 4 }} +{{- end }} labels: {{ include "datadog-operator.labels" . | indent 4 }} spec: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 63d8c985c..1b88d5cc7 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -94,6 +94,9 @@ remoteConfiguration: # remoteConfiguration.enabled -- If true, enables Remote Configuration in the Datadog Operator (beta). Requires clusterName, API and App keys to be set. enabled: false +deployment: + # deployment.annotations -- Allows setting additional annotations for the deployment resource + annotations: {} rbac: # rbac.create -- Specifies whether the RBAC resources should be created create: true diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 85c4b265a..053b5291e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.3 + helm.sh/chart: datadog-operator-1.8.4 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 9b8f96395..9e064e9e4 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.3 + helm.sh/chart: datadog-operator-1.8.4 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.7.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 6643d7b8e..a455a0780 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 940bb7a00150569c15840feeeaa4ec5f054ab8a9c543fd9c717853ef86408928 - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/clusteragent_token: b6f86c2f5bedfdb5004c60faa7201e578be2b0be3818cd517e958f3b76a07ae3 + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 4029874cb..b8edde200 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 41016e2dccdc8ec14bc77b12fa837798cf9b49d6ec33b982f38a9357bfcdb015 - checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e - checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 + checksum/clusteragent_token: 459abf22e9c0b7c33f45f92b6e33f2f95b1d7a196953d49defa4dbf5559716db + checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e + checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index b97ac6ed9..e46646e69 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e49cae63816f935069ef6f12fb6355438b1303e5e141b5a7141baacf2d5d819b - checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e - checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 + checksum/clusteragent_token: b30c3fd9a0ddb5efc2ce81df6b5668148dda9e587e2877e60ab5a98176fe1fa5 + checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e + checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a836c6d99..c17bcad9d 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7a0ca4e15723140df2c3fc4bf3aac52589061ce45538b1db674ddcc72273e0b4 - checksum/clusteragent-configmap: fc0dc6008f97f0f0bbf7ff0d570e8f2aa1fe695c1d6e2ca0d4d014040fbdb06e - checksum/api_key: d625c7eeff65b2ba930348cd0cccd7158d616f7e71f4befd49eb3734387f2388 + checksum/clusteragent_token: 9970ddeb0c78cac061f61440e3235abd3701e14f4e3e4adbd5bd8ccf7b171042 + checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e + checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.54.0 + value: 7.55.1 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 38ded4ac3..964f555c5 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 287b49c857ea99e60a036ce189b6d1b59cb4a00baae0607a6b1b463ba2ea6613 - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/clusteragent_token: 179d0baafb25372e797d4253ad5e40a628e62ad44086dcb4401a466741784615 + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -76,6 +76,11 @@ spec: value: "false" + + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -192,7 +197,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -298,7 +303,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -336,8 +341,11 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" - name: DD_LOG_LEVEL value: "INFO" - name: DD_SYSTEM_PROBE_ENABLED @@ -387,7 +395,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -400,7 +408,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index b0ced5846..f2b1944eb 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.67.3" + chart: "datadog-3.68.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.67.3" + chart: "datadog-3.68.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "QUFveTdyd21RNU1ZUUhkTlJxSVRZSkJFdTdwdnVrVHQ=" + token: "VEw0RnJvVnp3RkJUNXFtcDcwbGgySDNkV2d3VkNGbUs=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.67.3 + installer_version: datadog-3.68.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "4e30aa1a-8ec7-4190-808c-beaa484cd1be" - install_time: "1720546349" + install_id: "50096d3c-dfdd-4dcd-b22a-b547b24cd97a" + install_time: "1721285287" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.67.3" + chart: "datadog-3.68.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.67.3" + chart: "datadog-3.68.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 9ef97dddd1e5b1a58467f956443bb44b5cc254b773babc64f396c7084c983245 - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/clusteragent_token: e14d4eae995370df8bff980ef455f891a9e141e06368fe62958554c779d31766 + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -829,7 +829,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -863,6 +863,11 @@ spec: value: "false" + + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -980,7 +985,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1086,7 +1091,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1124,8 +1129,11 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" - name: DD_LOG_LEVEL value: "INFO" - name: DD_SYSTEM_PROBE_ENABLED @@ -1175,7 +1183,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1188,7 +1196,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: - bash @@ -1293,7 +1301,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1323,8 +1331,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 34e2ad428259e9338b0aba3854c49fe82fca0bf62a56104652c011f6381d5140 - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/clusteragent_token: 6236d64c33330168fac8f433ce53e171946653cfee9bbedc10708f4bffd12237 + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1332,7 +1340,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1344,7 +1352,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1357,7 +1365,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.54.0" + image: "gcr.io/datadoghq/agent:7.55.1" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1484,7 +1492,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.67.3' + helm.sh/chart: 'datadog-3.68.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1514,15 +1522,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: f4606476ef366e0c3fab79dde5c5c9bd3970824b6e48d4dd61dce484d892a491 - checksum/clusteragent-configmap: 3e05961e3055e7f00a5c6765d16eb843b13277b0201f232957d2fb832d7a2f64 - checksum/install_info: f50ea8a79f0564dc664ff870e2b565a24e874dd107024252b8439ef2771dc70c + checksum/clusteragent_token: 982e3679f4d216c771b4be67a945049a92c86c024fc7fe3b3715ea293b599ccd + checksum/clusteragent-configmap: da78943b0a2b4039c8db933c5af5009ba72516f8625b14b5815a83e4080f38ac + checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent command: - cp @@ -1535,7 +1543,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.54.0" + image: "gcr.io/datadoghq/cluster-agent:7.55.1" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go index 3d4f288ea..52479187a 100644 --- a/test/datadog/dca_AC_sidecar_test.go +++ b/test/datadog/dca_AC_sidecar_test.go @@ -91,7 +91,7 @@ func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { // Default will be set by DCA assert.Empty(t, acConfigEnv[DDSidecarRegistry]) assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) - assert.Equal(t, "7.54.0", acConfigEnv[DDSidecarImageTag]) + assert.Equal(t, "7.55.1", acConfigEnv[DDSidecarImageTag]) assert.Empty(t, acConfigEnv[DDSidecarSelectors]) assert.Empty(t, acConfigEnv[DDSidecarProfiles]) } From 7509d6bcf6633d68fb970f8055cc9581aa771b59 Mon Sep 17 00:00:00 2001 From: Minyi Zhu Date: Sun, 21 Jul 2024 01:47:13 -0400 Subject: [PATCH 086/209] fix datadog.containerLifecycle.enabled flag setting (#1460) --- charts/datadog/CHANGELOG.md | 3 +++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 4 +--- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d6e0f9855..f6a65ae3a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,8 @@ # Datadog changelog +## 3.68.2 +* Fix datadog.containerLifecycle.enabled conditional statement to accept flase value + ## 3.68.1 * Add automatic detection for enablement of process agent container. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 749e6a28c..4e963bb05 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.68.1 +version: 3.68.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 60bb3427a..fa16f8601 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.68.1](https://img.shields.io/badge/Version-3.68.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.68.2](https://img.shields.io/badge/Version-3.68.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index c74281d14..85ec9c746 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -157,10 +157,8 @@ - name: DD_CHECKS_TAG_CARDINALITY value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - {{- if .Values.datadog.containerLifecycle.enabled }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote }} - {{- end }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT From e29dbe82c923d9db7fba15c6b3292e3f5e34bd97 Mon Sep 17 00:00:00 2001 From: Tess Neau Date: Mon, 22 Jul 2024 11:40:44 +0200 Subject: [PATCH 087/209] add opw version 2.1.1 (#1461) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index a2558f499..3b3f71c65 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.1.1 + +* Official image `2.1.1` + ## 2.1.0 * Official image `2.1.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index ec520d387..c5607101a 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.1.0" +version: "2.1.1" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.1.0" +appVersion: "2.1.1" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 54d70c4f0..26862674c 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square) +![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.1](https://img.shields.io/badge/AppVersion-2.1.1-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.1.0"` | Specify the image tag to use. | +| image.tag | string | `"2.1.1"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 248ec3f00..480904e3c 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.1.0 + tag: 2.1.1 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 97c1f224a56cb0ff15d26f25571d12de08222740 Mon Sep 17 00:00:00 2001 From: Dinesh Gurumurthy Date: Tue, 23 Jul 2024 16:19:13 -0400 Subject: [PATCH 088/209] squash commits for signed commits (#1429) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 11 ++- ...agent-otel-collector-no-config-values.yaml | 16 ++++ .../ci/agent-otel-collector-ports-values.yaml | 41 ++++++++++ .../ci/agent-otel-collector-values.yaml | 34 ++++++++ charts/datadog/templates/NOTES.txt | 9 +++ .../datadog/templates/_container-agent.yaml | 6 ++ .../templates/_container-otel-agent.yaml | 81 +++++++++++++++++++ charts/datadog/templates/_helpers.tpl | 39 +++++++++ .../datadog/templates/_otel_agent_config.yaml | 55 +++++++++++++ charts/datadog/templates/agent-services.yaml | 8 ++ charts/datadog/templates/daemonset.yaml | 14 ++++ charts/datadog/templates/otel-configmap.yaml | 12 +++ charts/datadog/values.yaml | 44 ++++++++++ examples/datadog/agent_otel_collector.yaml | 29 +++++++ examples/datadog/otel_collector_config.yaml | 58 +++++++++++++ 17 files changed, 461 insertions(+), 2 deletions(-) create mode 100644 charts/datadog/ci/agent-otel-collector-no-config-values.yaml create mode 100644 charts/datadog/ci/agent-otel-collector-ports-values.yaml create mode 100644 charts/datadog/ci/agent-otel-collector-values.yaml create mode 100644 charts/datadog/templates/_container-otel-agent.yaml create mode 100644 charts/datadog/templates/_otel_agent_config.yaml create mode 100644 charts/datadog/templates/otel-configmap.yaml create mode 100644 examples/datadog/agent_otel_collector.yaml create mode 100644 examples/datadog/otel_collector_config.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f6a65ae3a..36bf81720 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.69.0 + +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. + ## 3.68.2 * Fix datadog.containerLifecycle.enabled conditional statement to accept flase value diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 4e963bb05..7971a81fc 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.68.2 +version: 3.69.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index fa16f8601..aa2fecfab 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.68.2](https://img.shields.io/badge/Version-3.68.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.69.0](https://img.shields.io/badge/Version-3.69.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -471,6 +471,12 @@ helm install \ | agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers | | agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. | | agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers | +| agents.containers.otelAgent.env | list | `[]` | Additional environment variables for the trace-agent container | +| agents.containers.otelAgent.envDict | object | `{}` | Set environment variables specific to trace-agent defined in a dict | +| agents.containers.otelAgent.envFrom | list | `[]` | Set environment variables specific to trace-agent from configMaps and/or secrets | +| agents.containers.otelAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.otelAgent.resources | object | `{}` | Resource requests and limits for the trace-agent container | +| agents.containers.otelAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the trace-agent container. | | agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container | | agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict | | agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets | @@ -763,6 +769,9 @@ helm install \ | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otelCollector.config | object | `{}` | OTel collector configuration | +| datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | +| datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | diff --git a/charts/datadog/ci/agent-otel-collector-no-config-values.yaml b/charts/datadog/ci/agent-otel-collector-no-config-values.yaml new file mode 100644 index 000000000..f62b4cb66 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-no-config-values.yaml @@ -0,0 +1,16 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true diff --git a/charts/datadog/ci/agent-otel-collector-ports-values.yaml b/charts/datadog/ci/agent-otel-collector-ports-values.yaml new file mode 100644 index 000000000..5e82a3350 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-ports-values.yaml @@ -0,0 +1,41 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + ports: + - containerPort: "5317" + hostPort: "5317" + name: "otel-grpc" + config: | + receivers: + otlp: + protocols: + grpc: + endpoint: "localhost:5317" + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/charts/datadog/ci/agent-otel-collector-values.yaml b/charts/datadog/ci/agent-otel-collector-values.yaml new file mode 100644 index 000000000..1f845f2d9 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-values.yaml @@ -0,0 +1,34 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + config: | + receivers: + otlp: + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index c716cd630..aa525817e 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -580,3 +580,12 @@ You are using the datadog.securityAgent.compliance.xccdf.enabled parameter which This version still supports both but the support of the old name will be dropped in the next major version of our Helm chart. More information about this change: https://github.com/DataDog/helm-charts/pull/1161 {{- end }} + + +{{- if and (eq (include "should-enable-otel-agent" .) "true") .Values.providers.gke.autopilot }} +################################################################# +#### WARNING: Configuration notice #### +################################################################# +OTel collector is not supported on GKE Autopilot. +{{- fail "The OTel collector cannot be run on GKE Autopilot." }} +{{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 85ec9c746..7bc011e1c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -59,6 +59,7 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} {{- include "processes-common-envs" . | nindent 4 }} + {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -180,6 +181,7 @@ - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} + {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" @@ -191,6 +193,10 @@ - name: DD_KUBELET_CORE_CHECK_ENABLED value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_OTELCOLLECTOR_ENABLED + value: "true" + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml new file mode 100644 index 000000000..16e56bbe2 --- /dev/null +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -0,0 +1,81 @@ +{{- define "container-otel-agent" -}} +- name: otel-agent + image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + {{- if eq .Values.targetSystem "linux" }} + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml"] + {{- end -}} + {{- if eq .Values.targetSystem "windows" }} + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/datadog.yaml"] + {{- end -}} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} + resources: +{{ toYaml .Values.agents.containers.otelAgent.resources | indent 4 }} + ports: + {{- range .Values.datadog.otelCollector.ports }} + - containerPort: {{ .containerPort }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end }} + protocol: TCP + name: {{ .name }} + {{- end }} +{{- if or .Values.datadog.envFrom .Values.agents.containers.otelAgent.envFrom }} + envFrom: +{{- if .Values.datadog.envFrom }} +{{ .Values.datadog.envFrom | toYaml | indent 4 }} +{{- end }} +{{- if .Values.agents.containers.otelAgent.envFrom }} +{{ .Values.agents.containers.otelAgent.envFrom | toYaml | indent 4 }} +{{- end }} +{{- end }} + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- include "containers-cluster-agent-env" . | nindent 4 }} + {{- include "fips-envvar" . | nindent 4 }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} + {{- include "additional-env-entries" .Values.agents.containers.otelAgent.env | indent 4 }} + {{- include "additional-env-dict-entries" .Values.agents.containers.otelAgent.envDict | indent 4 }} + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + readOnly: true + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs + {{- if (not .Values.providers.gke.autopilot) }} + - name: auth-token + mountPath: {{ template "datadog.confPath" . }}/auth + readOnly: true + {{- end }} + - name: otelconfig + mountPath: {{ template "datadog.otelconfPath" . }} + readOnly: true + {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.autopilot }} + - name: procdir + mountPath: /host/proc + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + {{- end }} + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + readOnly: true + {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- include "container-cloudinit-volumemounts" . | nindent 4 }} + {{- if .Values.datadog.kubelet.hostCAPath }} +{{ include "datadog.kubelet.volumeMount" . | indent 4 }} + {{- end }} +{{- if .Values.agents.volumeMounts }} +{{ toYaml .Values.agents.volumeMounts | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 9b401a4f8..001f98e9d 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -106,6 +106,19 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Return true if the OTelAgent needs to be deployed +*/}} +{{- define "should-enable-otel-agent" -}} +{{- if and .Values.datadog.otelCollector.enabled -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + + + {{/* Return secret name to be used based on provided values. */}} @@ -206,6 +219,18 @@ C:/ProgramData/Datadog {{- end -}} {{- end -}} +{{/* +Return agent config path +*/}} +{{- define "datadog.otelconfPath" -}} +{{- if eq .Values.targetSystem "linux" -}} +/etc/otel-agent +{{- end -}} +{{- if eq .Values.targetSystem "windows" -}} +C:/ProgramData/Datadog +{{- end -}} +{{- end -}} + {{/* Return agent host mount root */}} @@ -570,6 +595,10 @@ datadog-agent-fips-config {{- end -}} {{- end -}} +{{- define "agents-install-otel-configmap-name" -}} +{{ template "datadog.fullname" . }}-otel-config +{{- end -}} + {{/* Common template labels */}} @@ -942,3 +971,13 @@ Create RBACs for custom resources {{- include "process-checks-enabled" . -}} {{- end -}} {{- end -}} + + +{{- define "get-port-number-from-name" -}} +{{- $portName := .portName -}} +{{- range .ports -}} + {{- if eq .name $portName -}} + {{ .containerPort }} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/datadog/templates/_otel_agent_config.yaml b/charts/datadog/templates/_otel_agent_config.yaml new file mode 100644 index 000000000..6c455b21b --- /dev/null +++ b/charts/datadog/templates/_otel_agent_config.yaml @@ -0,0 +1,55 @@ +{{- define "otel-agent-config-configmap-content" -}} +otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Values.datadog.otelCollector.config | indent 4 }} + {{- else }} | + receivers: + prometheus: + config: + scrape_configs: + - job_name: "otelcol" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-grpc") }} + http: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-http") }} + exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} + processors: + infraattributes: + cardinality: 2 + batch: + timeout: 10s + connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + service: + pipelines: + traces: + receivers: [otlp] + processors: [batch] + exporters: [datadog/connector] + traces/otlp: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] +{{- end -}} +{{- end -}} + diff --git a/charts/datadog/templates/agent-services.yaml b/charts/datadog/templates/agent-services.yaml index 491a87862..ce6080d04 100644 --- a/charts/datadog/templates/agent-services.yaml +++ b/charts/datadog/templates/agent-services.yaml @@ -100,5 +100,13 @@ spec: targetPort: {{ .Values.datadog.otlp.receiver.protocols.http.endpoint | regexFind ":[0-9]+$" | trimPrefix ":" }} name: otlphttpport {{- end }} +{{- if eq (include "should-enable-otel-agent" .) "true" }} +{{- range .Values.datadog.otelCollector.ports }} + - protocol: TCP + port: {{ .containerPort }} + targetPort: {{ .containerPort }} + name: {{ .name }} +{{- end }} +{{- end }} internalTrafficPolicy: Local {{ end }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index a7b11977f..ba95268cf 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -48,6 +48,9 @@ spec: checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + checksum/otel-config: {{ include "otel-agent-config-configmap-content" . | sha256sum }} + {{- end }} {{- if .Values.agents.customAgentConfig }} checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} @@ -128,6 +131,9 @@ spec: {{- if eq (include "should-enable-security-agent" .) "true" }} {{- include "container-security-agent" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + {{- include "container-otel-agent" . | nindent 6 }} + {{- end }} initContainers: {{- if eq .Values.targetSystem "windows" }} {{ include "containers-init-windows" . | nindent 6 }} @@ -164,6 +170,14 @@ spec: {{- if eq .Values.targetSystem "linux" }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: otelconfig + configMap: + name: {{ include "agents-install-otel-configmap-name" . }} + items: + - key: otel-config.yaml + path: otel-config.yaml + {{- end }} {{- if .Values.agents.volumes }} {{ toYaml .Values.agents.volumes | indent 6 }} {{- end }} diff --git a/charts/datadog/templates/otel-configmap.yaml b/charts/datadog/templates/otel-configmap.yaml new file mode 100644 index 000000000..0e7fbb162 --- /dev/null +++ b/charts/datadog/templates/otel-configmap.yaml @@ -0,0 +1,12 @@ +{{- if eq (include "should-enable-otel-agent" .) "true" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "agents-install-otel-configmap-name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{ include "datadog.labels" . | nindent 4 }} + annotations: + checksum/otel-config: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} +data: {{ include "otel-agent-config-configmap-content" . | nindent 2 }} +{{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index c21dbd0cf..2e7396e5f 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -520,6 +520,21 @@ datadog: # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster enabled: false + ## OTel collector related configuration + otelCollector: + # datadog.otelCollector.enabled -- Enable the OTel Collector + enabled: false + # datadog.otelCollector.ports -- Ports that OTel Collector is listening + ports: + + # Default GRPC port of OTLP receiver + - containerPort: "4317" + name: otel-grpc + # Default HTTP port of OTLP receiver + - containerPort: "4318" + name: otel-http + # datadog.otelCollector.config -- OTel collector configuration + config: {} ## OTLP ingest related configuration otlp: receiver: @@ -1648,6 +1663,35 @@ agents: # agents.containers.processAgent.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] + otelAgent: + # agents.containers.otelAgent.env -- Additional environment variables for the trace-agent container + env: [] + + # agents.containers.otelAgent.envFrom -- Set environment variables specific to trace-agent from configMaps and/or secrets + envFrom: [] + # - configMapRef: + # name: + # - secretRef: + # name: + + # agents.containers.otelAgent.envDict -- Set environment variables specific to trace-agent defined in a dict + envDict: {} + # : + + # agents.containers.otelAgent.resources -- Resource requests and limits for the trace-agent container + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + # agents.containers.otelAgent.securityContext -- Allows you to overwrite the default container SecurityContext for the trace-agent container. + securityContext: {} + + # agents.containers.otelAgent.ports -- Allows to specify extra ports (hostPorts for instance) for this container + ports: [] traceAgent: # agents.containers.traceAgent.env -- Additional environment variables for the trace-agent container env: [] diff --git a/examples/datadog/agent_otel_collector.yaml b/examples/datadog/agent_otel_collector.yaml new file mode 100644 index 000000000..ca711e74b --- /dev/null +++ b/examples/datadog/agent_otel_collector.yaml @@ -0,0 +1,29 @@ +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "my-hostname" +datadog: + apiKey: $DD_API_KEY + otelCollector: + enabled: true + logs: + enabled: true + containerCollectAll: true + orchestratorExplorer: + enabled: true + processAgent: + enabled: true + processCollection: true + networkMonitoring: + enabled: true + apm: + portEnabled: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + peer_service_aggregation: true diff --git a/examples/datadog/otel_collector_config.yaml b/examples/datadog/otel_collector_config.yaml new file mode 100644 index 000000000..00e691208 --- /dev/null +++ b/examples/datadog/otel_collector_config.yaml @@ -0,0 +1,58 @@ +receivers: + prometheus: + config: + scrape_configs: + - job_name: "otel-agent" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 +exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} +processors: + infraattributes: + cardinality: 2 + probabilistic_sampler: + hash_seed: 22 + sampling_percentage: 15.3 + batch: + timeout: 10s +connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true +extensions: + health_check: +service: + extensions: [health_check] + telemetry: + logs: + level: debug + pipelines: + traces: + receivers: [otlp] + processors: [batch] + exporters: [datadog/connector] + traces/sampled: + receivers: [otlp] + processors: [probabilistic_sampler, infraattributes, batch] + exporters: [datadog] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] From e1ec85127de74c8b876eef6a81bb1579d17b49bf Mon Sep 17 00:00:00 2001 From: neuronull Date: Wed, 24 Jul 2024 09:01:27 -0600 Subject: [PATCH 089/209] add opw version 2.1.2 (#1466) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 3b3f71c65..ab4fb398f 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.1.2 + +* Official image `2.1.2` + ## 2.1.1 * Official image `2.1.1` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index c5607101a..1d399d9d9 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.1.1" +version: "2.1.2" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.1.1" +appVersion: "2.1.2" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 26862674c..5917c6f62 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.1](https://img.shields.io/badge/AppVersion-2.1.1-informational?style=flat-square) +![Version: 2.1.2](https://img.shields.io/badge/Version-2.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.1.1"` | Specify the image tag to use. | +| image.tag | string | `"2.1.2"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 480904e3c..a01b2b500 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.1.1 + tag: 2.1.2 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 92beb9a2522e72dad4a55659bca7dc7cff119412 Mon Sep 17 00:00:00 2001 From: Steven Blumenthal Date: Mon, 29 Jul 2024 11:52:00 -0400 Subject: [PATCH 090/209] Set default `Agent` and `Cluster-Agent` version to `7.55.2` (#1468) --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 36bf81720..f39630cc9 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,10 +1,15 @@ # Datadog changelog +## 3.69.1 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.2`. + ## 3.69.0 * Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. ## 3.68.2 + * Fix datadog.containerLifecycle.enabled conditional statement to accept flase value ## 3.68.1 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7971a81fc..3dd9eba68 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.69.0 +version: 3.69.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index aa2fecfab..5f7851fbb 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.69.0](https://img.shields.io/badge/Version-3.69.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.69.1](https://img.shields.io/badge/Version-3.69.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.55.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.55.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.55.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.55.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.55.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.55.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 2e7396e5f..d0d1ded04 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -955,7 +955,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.55.1 + tag: 7.55.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1448,7 +1448,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.55.1 + tag: 7.55.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1954,7 +1954,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.55.1 + tag: 7.55.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 72fdf7f859ed2b4d69118e244084034439239c14 Mon Sep 17 00:00:00 2001 From: Kelly Sun <42001404+ksun154@users.noreply.github.com> Date: Thu, 1 Aug 2024 13:47:12 -0400 Subject: [PATCH 091/209] [APF-14][APPS-1875] Add Private Action Runner helm chart (#1465) * add private-action-runner * fix description * add CODEOWNER * fix * let customer name the namespace * udpate chart name * address comments * fixes * more fixes * change namespace back * fix namespace and rename override * missed change * update README * Apply suggestions from code review apply doc suggestions Co-authored-by: Sandra (neko) <165049174+neko-dd@users.noreply.github.com> * clean up values * more cleanup * fix comment * title and version * versions * address comment --------- Co-authored-by: Sandra (neko) <165049174+neko-dd@users.noreply.github.com> Co-authored-by: Fanny Jiang --- .github/CODEOWNERS | 1 + charts/private-action-runner/.helmignore | 23 ++++ charts/private-action-runner/CHANGELOG.md | 5 + charts/private-action-runner/Chart.yaml | 18 +++ charts/private-action-runner/README.md | 54 +++++++++ charts/private-action-runner/README.md.gotmpl | 40 +++++++ .../ci/kubeconform-values.yaml | 0 .../examples/config.yaml | 33 ++++++ .../private-action-runner/templates/NOTES.txt | 0 .../templates/_helpers.tpl | 6 + .../templates/deployment.yaml | 57 +++++++++ .../private-action-runner/templates/role.yaml | 9 ++ .../templates/rolebinding.yaml | 16 +++ .../templates/secrets.yaml | 23 ++++ .../templates/service.yaml | 15 +++ .../templates/serviceaccount.yaml | 8 ++ charts/private-action-runner/values.yaml | 108 ++++++++++++++++++ 17 files changed, 416 insertions(+) create mode 100644 charts/private-action-runner/.helmignore create mode 100644 charts/private-action-runner/CHANGELOG.md create mode 100644 charts/private-action-runner/Chart.yaml create mode 100644 charts/private-action-runner/README.md create mode 100644 charts/private-action-runner/README.md.gotmpl create mode 100644 charts/private-action-runner/ci/kubeconform-values.yaml create mode 100644 charts/private-action-runner/examples/config.yaml create mode 100644 charts/private-action-runner/templates/NOTES.txt create mode 100644 charts/private-action-runner/templates/_helpers.tpl create mode 100644 charts/private-action-runner/templates/deployment.yaml create mode 100644 charts/private-action-runner/templates/role.yaml create mode 100644 charts/private-action-runner/templates/rolebinding.yaml create mode 100644 charts/private-action-runner/templates/secrets.yaml create mode 100644 charts/private-action-runner/templates/service.yaml create mode 100644 charts/private-action-runner/templates/serviceaccount.yaml create mode 100644 charts/private-action-runner/values.yaml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 262d861ec..24d14b28a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -17,3 +17,4 @@ charts/datadog/templates/_system-probe-init.yaml @DataDog/ebpf-platform @D charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/synthetics-private-location/ @Datadog/synthetics charts/observability-pipelines-worker @DataDog/observability-pipelines +charts/private-action-runner @DataDog/action-platform diff --git a/charts/private-action-runner/.helmignore b/charts/private-action-runner/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/charts/private-action-runner/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md new file mode 100644 index 000000000..6d0fc4185 --- /dev/null +++ b/charts/private-action-runner/CHANGELOG.md @@ -0,0 +1,5 @@ +# Datadog changelog + +### 0.1.0 + +* Initial version diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml new file mode 100644 index 000000000..b7303372c --- /dev/null +++ b/charts/private-action-runner/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: private-action-runner +description: A Helm chart to deploy the private action runner + +type: application +version: 0.1.0 +appVersion: "1.22.0" +keywords: +- app builder +- workflow automation +home: https://www.datadoghq.com +icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png +sources: +- https://docs.datadoghq.com/service_management/workflows/private_actions +- https://app.datadoghq.com/app-builder/private-action-runners +maintainers: +- name: Datadog + email: support@datadoghq.com diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md new file mode 100644 index 000000000..871a0c003 --- /dev/null +++ b/charts/private-action-runner/README.md @@ -0,0 +1,54 @@ +# Datadog Private Action Runner + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha23](https://img.shields.io/badge/AppVersion-v0.0.1--alpha23-informational?style=flat-square) + +This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. + +## Requirements +* A Datadog account with private actions enabled +* The `kubectl` cli +* Helm +* Sufficient permissions to the Kubernetes cluster + +## Use this chart + +1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new private action runner. +3. Follow the instructions. You now have a running docker container and `config/config.yaml` file. +4. Stop the docker container (`docker stop ` or `docker compose stop`). +5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. + * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container. + * You can reconfigure other values or use the defaults in the example. +6. Add this repository to your Helm repositories: + ``` + helm repo add datadog https://helm.datadoghq.com + helm repo update + ``` +7. Install the Helm chart: + ```bash + helm install datadog/private-action-runner -f ./config.yaml + ``` +8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +9. Create a new connection, select your private action runner, and use **Service account authentication**. +10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. + +## Going further +* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Deploy several runners with different permissions or create different connections according to your needs. +* Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha23"` | Current Datadog Private Action Runner image | +| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | +| runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | +| runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | +| runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | +| runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | +| runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | +| runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | +| runners[0].name | string | `"default"` | Name of the Datadog Private Action Runner | +| runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | \ No newline at end of file diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl new file mode 100644 index 000000000..0b9484bca --- /dev/null +++ b/charts/private-action-runner/README.md.gotmpl @@ -0,0 +1,40 @@ +# Datadog Private Action Runner + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha23](https://img.shields.io/badge/AppVersion-v0.0.1--alpha23-informational?style=flat-square) + +This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. + +## Requirements +* A Datadog account with private actions enabled +* The `kubectl` cli +* Helm +* Sufficient permissions to the Kubernetes cluster + +## Use this chart + +1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new private action runner. +3. Follow the instructions. You now have a running docker container and `config/config.yaml` file. +4. Stop the docker container (`docker stop ` or `docker compose stop`). +5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. + * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container. + * You can reconfigure other values or use the defaults in the example. +6. Add this repository to your Helm repositories: + ``` + helm repo add datadog https://helm.datadoghq.com + helm repo update + ``` +7. Install the Helm chart: + ```bash + helm install datadog/private-action-runner -f ./config.yaml + ``` +8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +9. Create a new connection, select your private action runner, and use **Service account authentication**. +10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. + +## Going further +* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Deploy several runners with different permissions or create different connections according to your needs. +* Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). + +{{ template "chart.valuesSection" . }} \ No newline at end of file diff --git a/charts/private-action-runner/ci/kubeconform-values.yaml b/charts/private-action-runner/ci/kubeconform-values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/config.yaml new file mode 100644 index 000000000..dd59c8f20 --- /dev/null +++ b/charts/private-action-runner/examples/config.yaml @@ -0,0 +1,33 @@ +runners: + - name: "custom-runner" + kubernetesPermissions: + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "list" + - "get" + - "create" + - "patch" + - "update" + - "delete" + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "list" + - "get" + - "create" + - "patch" + - "update" + - "delete" + config: + urn: "URN_FROM_CONFIG" + privateKey: "PRIVATE_KEY_FROM_CONFIG" + modes: ["workflowAutomation", "appBuilder"] + actionsAllowlist: + - com.datadoghq.kubernetes.core.listPod + - com.datadoghq.http.request + - com.datadoghq.jenkins.buildJenkinsJob \ No newline at end of file diff --git a/charts/private-action-runner/templates/NOTES.txt b/charts/private-action-runner/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl new file mode 100644 index 000000000..4d801c7ab --- /dev/null +++ b/charts/private-action-runner/templates/_helpers.tpl @@ -0,0 +1,6 @@ +{{- define "chart.deploymentName" }} "private-action-runner-{{.}}" {{ end }} +{{- define "chart.serviceAccountName" }} "private-action-runner-{{.}}-serviceaccount" {{ end }} +{{- define "chart.roleName" }} "private-action-runner-{{.}}-role" {{ end }} +{{- define "chart.roleBindingName" }} "private-action-runner-{{.}}-rolebinding" {{ end }} +{{- define "chart.serviceName" }} "private-action-runner-{{.}}-service" {{ end }} +{{- define "chart.secretName" }} "private-action-runner-{{.}}-secrets" {{ end }} diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml new file mode 100644 index 000000000..1d90e8e37 --- /dev/null +++ b/charts/private-action-runner/templates/deployment.yaml @@ -0,0 +1,57 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.deploymentName" $runner.name }} + namespace: {{ $.Release.Namespace }} + labels: + service: {{ include "chart.deploymentName" $runner.name }} + app: {{ include "chart.deploymentName" $runner.name }} +spec: + minReadySeconds: 10 + replicas: {{ $runner.replicas }} + selector: + matchLabels: + service: {{ include "chart.deploymentName" $runner.name }} + template: + metadata: + labels: + service: {{ include "chart.deploymentName" $runner.name }} + annotations: + config-hash: {{ $runner.config | toJson | sha256sum }} + spec: + serviceAccountName: {{ include "chart.serviceAccountName" $runner.name }} + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: {{ $.Values.common.image }} + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + # Node memory limits + - name: NODE_OPTIONS + # See https://nodejs.org/docs/latest-v16.x/api/cli.html#--max-old-space-sizesize-in-megabytes + # 75% of memory limit/request + value: "--max-old-space-size=1536" + volumes: + - name: secrets + secret: + secretName: {{ include "chart.secretName" $runner.name }} +{{- end }} diff --git a/charts/private-action-runner/templates/role.yaml b/charts/private-action-runner/templates/role.yaml new file mode 100644 index 000000000..33aebe741 --- /dev/null +++ b/charts/private-action-runner/templates/role.yaml @@ -0,0 +1,9 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: {{ $.Release.Namespace }} + name: {{ include "chart.roleName" $runner.name }} +rules: {{ $runner.kubernetesPermissions | toJson }} +{{- end }} \ No newline at end of file diff --git a/charts/private-action-runner/templates/rolebinding.yaml b/charts/private-action-runner/templates/rolebinding.yaml new file mode 100644 index 000000000..380dad8e5 --- /dev/null +++ b/charts/private-action-runner/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "chart.roleBindingName" $runner.name }} + namespace: {{ $.Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "chart.roleName" $runner.name }} +subjects: + - kind: ServiceAccount + name: {{ include "chart.serviceAccountName" $runner.name }} + namespace: {{ $.Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml new file mode 100644 index 000000000..bf38ba52b --- /dev/null +++ b/charts/private-action-runner/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "chart.secretName" $runner.name }} + namespace: {{ $.Release.Namespace }} +stringData: + config.yaml: | + ddBaseURL: {{ $runner.config.ddBaseURL }} + urn: {{ $runner.config.urn }} + privateKey: {{ $runner.config.privateKey }} + modes: + {{- range $mode := $runner.config.modes }} + - {{ $mode }} + {{- end }} + appBuilder: + port: {{ $runner.config.appBuilder.port }} + actionsAllowlist: + {{- range $action := $runner.config.actionsAllowlist }} + - {{ $action }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/private-action-runner/templates/service.yaml b/charts/private-action-runner/templates/service.yaml new file mode 100644 index 000000000..fc1e4e189 --- /dev/null +++ b/charts/private-action-runner/templates/service.yaml @@ -0,0 +1,15 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "chart.serviceName" $runner.name }} + namespace: {{ $.Release.Namespace }} +spec: + selector: + service: {{ include "chart.serviceName" $runner.name }} + ports: + - name: http + port: 9016 + targetPort: 9016 +{{- end }} \ No newline at end of file diff --git a/charts/private-action-runner/templates/serviceaccount.yaml b/charts/private-action-runner/templates/serviceaccount.yaml new file mode 100644 index 000000000..d42eab1e5 --- /dev/null +++ b/charts/private-action-runner/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chart.serviceAccountName" $runner.name }} + namespace: {{ $.Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml new file mode 100644 index 000000000..67d7cf5cc --- /dev/null +++ b/charts/private-action-runner/values.yaml @@ -0,0 +1,108 @@ +# Default values for private-action-runner. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +common: + # -- Current Datadog Private Action Runner image + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha23 + +runners: + # runners[0].name -- Name of the Datadog Private Action Runner + - name: "default" + # -- Number of pod instances for the Datadog Private Action Runner + replicas: 1 + # -- List of Kubernetes permissions that the Datadog Private Action Runner has + kubernetesPermissions: + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "list" + - "get" + # - "create" + # - "patch" + # - "update" + # - "delete" + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "list" + - "get" + # - "create" + # - "patch" + # - "update" + # - "delete" + # -- Configuration for the Datadog Private Action Runner + config: + # -- Base URL of the Datadog app + ddBaseURL: "https://app.datadoghq.com" + # -- The runner's URN from the enrollment page + urn: "URN_FROM_CONFIG" + # -- The runner's privateKey from the enrollment page + privateKey: "PRIVATE_KEY_FROM_CONFIG" + # -- Modes that the runner can run in + modes: ["workflowAutomation", "appBuilder"] + appBuilder: + # -- Required port for App Builder Mode + port: 9016 + # -- List of actions that the Datadog Private Action Runner is allowed to execute + actionsAllowlist: + - com.datadoghq.kubernetes.core.listPod + # you can also add from the following list + # - com.datadoghq.http.request + # - com.datadoghq.jenkins.buildJenkinsJob + # - com.datadoghq.jenkins.deleteJenkinsJob + # - com.datadoghq.jenkins.getJobStatus + # - com.datadoghq.kubernetes.apps.createDeployment + # - com.datadoghq.kubernetes.apps.getControllerRevision + # - com.datadoghq.kubernetes.apps.getDaemonSet + # - com.datadoghq.kubernetes.apps.getDeployment + # - com.datadoghq.kubernetes.apps.getReplicaSet + # - com.datadoghq.kubernetes.apps.getStatefulSet + # - com.datadoghq.kubernetes.apps.listControllerRevision + # - com.datadoghq.kubernetes.apps.listDaemonSet + # - com.datadoghq.kubernetes.apps.listDeployment + # - com.datadoghq.kubernetes.apps.listReplicaSet + # - com.datadoghq.kubernetes.apps.listStatefulSet + # - com.datadoghq.kubernetes.apps.restartDeployment + # - com.datadoghq.kubernetes.apps.updateDeployment + # - com.datadoghq.kubernetes.apps.updateReplicaSet + # - com.datadoghq.kubernetes.core.createNode + # - com.datadoghq.kubernetes.core.createPod + # - com.datadoghq.kubernetes.core.deleteMultiplePods + # - com.datadoghq.kubernetes.core.deletePod + # - com.datadoghq.kubernetes.core.getConfigMap + # - com.datadoghq.kubernetes.core.getEndpoints + # - com.datadoghq.kubernetes.core.getEvent + # - com.datadoghq.kubernetes.core.getLimitRange + # - com.datadoghq.kubernetes.core.getNamespace + # - com.datadoghq.kubernetes.core.getNode + # - com.datadoghq.kubernetes.core.getPersistentVolume + # - com.datadoghq.kubernetes.core.getPersistentVolumeClaim + # - com.datadoghq.kubernetes.core.getPod + # - com.datadoghq.kubernetes.core.getPodTemplate + # - com.datadoghq.kubernetes.core.getReplicationController + # - com.datadoghq.kubernetes.core.getResourceQuota + # - com.datadoghq.kubernetes.core.getService + # - com.datadoghq.kubernetes.core.getServiceAccount + # - com.datadoghq.kubernetes.core.listConfigMap + # - com.datadoghq.kubernetes.core.listEndpoints + # - com.datadoghq.kubernetes.core.listEvent + # - com.datadoghq.kubernetes.core.listLimitRange + # - com.datadoghq.kubernetes.core.listNamespace + # - com.datadoghq.kubernetes.core.listNode + # - com.datadoghq.kubernetes.core.listPersistentVolume + # - com.datadoghq.kubernetes.core.listPersistentVolumeClaim + # - com.datadoghq.kubernetes.core.listPodTemplate + # - com.datadoghq.kubernetes.core.listReplicationController + # - com.datadoghq.kubernetes.core.listResourceQuota + # - com.datadoghq.kubernetes.core.listService + # - com.datadoghq.kubernetes.core.listServiceAccount + # - com.datadoghq.kubernetes.core.updatePod + # - com.datadoghq.postgresql.select + # - com.datadoghq.temporal.getWorkflowResult + # - com.datadoghq.temporal.listWorkflows + # - com.datadoghq.temporal.runWorkflow From 42c66c6a28f0c08f38e810fe3e3436e881b42cfd Mon Sep 17 00:00:00 2001 From: Vincent Boulineau <58430298+vboulineau@users.noreply.github.com> Date: Thu, 1 Aug 2024 20:53:09 +0200 Subject: [PATCH 092/209] Add support for enabling autoscaling (#1442) --- charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 3 +- ...atadoghq.com_datadogpodautoscalers_v1.yaml | 613 ++++++++++++++++++ charts/datadog-crds/update-crds.sh | 1 + charts/datadog-crds/values.yaml | 2 + charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +- charts/datadog-operator/values.yaml | 2 + charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 7 +- charts/datadog/ci/autoscaling.yaml | 14 + ...s.yaml => no-hardened-seccomp-values.yaml} | 0 charts/datadog/requirements.lock | 4 +- charts/datadog/requirements.yaml | 2 +- charts/datadog/templates/NOTES.txt | 10 + charts/datadog/templates/_helpers.tpl | 2 +- .../templates/cluster-agent-deployment.yaml | 6 +- .../datadog/templates/cluster-agent-rbac.yaml | 67 +- charts/datadog/values.yaml | 6 +- crds/datadoghq.com_datadogpodautoscalers.yaml | 606 +++++++++++++++++ 21 files changed, 1342 insertions(+), 16 deletions(-) create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml create mode 100644 charts/datadog/ci/autoscaling.yaml rename charts/datadog/ci/{no_hardened_seccomp-values.yaml => no-hardened-seccomp-values.yaml} (100%) create mode 100644 crds/datadoghq.com_datadogpodautoscalers.yaml diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 8a12c195c..e5fd9edc4 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.7.0 +version: 1.7.1 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index e26fde96d..eb1de55d5 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -26,6 +26,7 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | +| crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | | crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | fullnameOverride | string | `""` | Override the fully qualified app name | | migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml new file mode 100644 index 000000000..ca602ddda --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -0,0 +1,613 @@ +{{- if and .Values.crds.datadogPodAutoscalers (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogpodautoscalers.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogPodAutoscaler + listKind: DatadogPodAutoscalerList + plural: datadogpodautoscalers + shortNames: + - dpa + singular: datadogpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy.applyMode + name: Apply Mode + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Error')].status + name: In Error + type: string + - jsonPath: .status.horizontal.target.desiredReplicas + name: Desired Replicas + type: integer + - jsonPath: .status.horizontal.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='HorizontalAbleToScale')].status + name: Able to Scale + type: string + - jsonPath: .status.horizontal.lastAction.time + name: Last Scale + type: date + - jsonPath: .status.vertical.target.podCPURequest + name: Target CPU Req + type: string + - jsonPath: .status.vertical.target.podMemoryRequest + name: Target Memory Req + type: string + - jsonPath: .status.vertical.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='VerticalAbleToApply')].status + name: Able to Apply + type: string + - jsonPath: .status.vertical.lastAction.time + name: Last Trigger + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogPodAutoscalerSpec defines the desired state of DatadogPodAutoscaler + properties: + constraints: + description: Constraints defines constraints that should always be respected. + properties: + containers: + description: Containers defines constraints for the containers. + items: + description: |- + DatadogPodAutoscalerContainerConstraints defines constraints that should always be respected for a container. + If no constraints are set, it enables resources scaling for all containers without any constraints. + properties: + enabled: + description: Enabled false allows to disable resources autoscaling for the container. Default to true. + type: boolean + limits: + description: Limits defines the constraints for the limits of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + name: + description: Name is the name of the container. Can be "*" to apply to all containers. + type: string + requests: + description: Requests defines the constraints for the requests of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + required: + - name + type: object + type: array + maxReplicas: + description: MaxReplicas is the upper limit for the number of POD replicas. Needs to be >= minReplicas. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the lower limit for the number of POD replicas. Needs to be >= 1. Default to 1. + format: int32 + minimum: 1 + type: integer + required: + - maxReplicas + type: object + owner: + description: |- + Owner defines the source of truth for this object (local or remote) + Value needs to be set when a DatadogPodAutoscaler object is created. + enum: + - Local + - Remote + type: string + policy: + default: {} + description: Policy defines how recommendations should be applied. + properties: + applyMode: + default: All + description: |- + ApplyMode determines recommendations that should be applied by the controller: + - All: Apply all recommendations (regular and manual). + - Manual: Apply only manual recommendations (recommendations manually validated by user in the Datadog app). + - None: Prevent the controller to apply any recommendations. + It's also possible to selectively deactivate upscale, downscale or update actions thanks to the `Upscale`, `Downscale` and `Update` fields. + enum: + - All + - Manual + - None + type: string + downscale: + description: Downscale defines the policy to scale down the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + update: + description: Update defines the policy to update target resource. + properties: + strategy: + description: Mode defines the mode of the update policy. + enum: + - Auto + - Disabled + type: string + type: object + upscale: + description: Upscale defines the policy to scale up the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + type: object + remoteVersion: + description: |- + RemoteVersion is the version of the .Spec currently store in this object. + Only set if the owner is Remote. + format: int64 + type: integer + targetRef: + description: TargetRef is the reference to the resource to scale. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Modifying the targetRef is not allowed. Please delete and re-create the DatadogPodAutoscaler object. + rule: self == oldSelf + targets: + description: |- + Targets are objectives to reach and maintain for the target resource. + Default to a single target to maintain 80% POD CPU utilization. + items: + description: DatadogPodAutoscalerTarget defines the objectives to reach and maintain for the target resource. + properties: + containerResource: + description: ContainerResource allows to set a container-level resource target. + properties: + container: + description: Container is the name of the container. + type: string + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - container + - name + - value + type: object + podResource: + description: PodResource allows to set a POD-level resource target. + properties: + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - name + - value + type: object + type: + description: Type sets the type of the target. + enum: + - PodResource + - ContainerResource + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - owner + - targetRef + type: object + status: + description: DatadogPodAutoscalerStatus defines the observed state of DatadogPodAutoscaler + properties: + conditions: + description: Conditions describe the current state of the DatadogPodAutoscaler operations. + items: + description: DatadogPodAutoscalerCondition describes the state of DatadogPodAutoscaler. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentReplicas: + description: CurrentReplicas is the current number of PODs for the targetRef observed by the controller. + format: int32 + type: integer + horizontal: + description: Horizontal is the status of the horizontal scaling, if activated. + properties: + lastActions: + description: LastActions are the last successful actions done by the controller + items: + description: DatadogPodAutoscalerHorizontalAction represents an horizontal action done by the controller + properties: + limitedReason: + description: LimitedReason is the reason why the action was limited (ToReplicas != RecommendedReplicas) + type: string + recommendedReplicas: + description: RecommendedReplicas is the original number of replicas recommended by Datadog + format: int32 + type: integer + replicas: + description: FromReplicas is the number of replicas before the action + format: int32 + type: integer + time: + description: Time is the timestamp of the action + format: date-time + type: string + toReplicas: + description: ToReplicas is the effective number of replicas after the action + format: int32 + type: integer + required: + - replicas + - time + - toReplicas + type: object + type: array + target: + description: Target is the current target of the horizontal scaling + properties: + desiredReplicas: + description: Replicas is the desired number of replicas for the resource + format: int32 + type: integer + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + source: + description: Source is the source of the value used to scale the target resource + type: string + required: + - desiredReplicas + - source + type: object + type: object + vertical: + description: Vertical is the status of the vertical scaling, if activated. + properties: + lastAction: + description: LastAction is the last successful action done by the controller + properties: + time: + description: Time is the timestamp of the action + format: date-time + type: string + type: + description: Type is the type of action + type: string + version: + description: Version is the recommendation version used for the action + type: string + required: + - time + - type + - version + type: object + target: + description: Target is the current target of the vertical scaling + properties: + desiredResources: + description: DesiredResources is the desired resources for containers + items: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + name: + description: Name is the name of the container + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes target resources of compute resources allowed. + type: object + required: + - name + type: object + type: array + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + podCPURequest: + anyOf: + - type: integer + - type: string + description: PODCPURequest is the sum of CPU requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMemoryRequest: + anyOf: + - type: integer + - type: string + description: PODMemoryRequest is the sum of memory requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + scaled: + description: Scaled is the current number of PODs having desired resources + format: int32 + type: integer + source: + description: Source is the source of the value used to scale the target resource + type: string + version: + description: Version is the current version of the received recommendation + type: string + required: + - desiredResources + - podCPURequest + - podMemoryRequest + - source + - version + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index a0f5be4e9..78565a243 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -63,3 +63,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datado download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 3151e3d94..773a93f1b 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -13,6 +13,8 @@ crds: datadogSLOs: false # crds.datadogAgentProfiles -- Set to true to deploy the DatadogAgentProfiles CRD datadogAgentProfiles: false + # crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: false migration: datadogAgents: diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 33552f6a7..28e7867a8 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.4 +version: 1.8.5 appVersion: 1.7.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index d7f4d11ba..8d7a35394 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.4](https://img.shields.io/badge/Version-1.8.4-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values @@ -19,6 +19,7 @@ | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | +| datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | datadogCRDs.migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | | datadogCRDs.migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 1b88d5cc7..22b156036 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -136,6 +136,8 @@ datadogCRDs: datadogAgents: true # datadogCRDs.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true + # datadogCRDs.crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: true # datadogCRDs.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: true # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f39630cc9..c761a6bcb 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.69.2 + +* Allow activation of autoscaling. + ## 3.69.1 * Set default `Agent` and `Cluster-Agent` version to `7.55.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3dd9eba68..c4a19524f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.69.1 +version: 3.69.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5f7851fbb..bac360df1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.69.1](https://img.shields.io/badge/Version-3.69.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.69.2](https://img.shields.io/badge/Version-3.69.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -668,6 +668,7 @@ helm install \ | clusterChecksRunner.volumes | list | `[]` | Specify additional volumes to mount in the cluster checks container | | commonLabels | object | `{}` | Labels to apply to all resources | | datadog-crds.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | +| datadog-crds.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadog.apiKey | string | `nil` | Your Datadog API key | | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | @@ -791,7 +792,7 @@ helm install \ | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | -| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | +| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | | datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | @@ -871,7 +872,7 @@ helm install \ | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | -| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | +| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | ## Configuration options for Windows deployments diff --git a/charts/datadog/ci/autoscaling.yaml b/charts/datadog/ci/autoscaling.yaml new file mode 100644 index 000000000..1c2602297 --- /dev/null +++ b/charts/datadog/ci/autoscaling.yaml @@ -0,0 +1,14 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + orchestratorExplorer: + customResources: + - datadoghq.com/v1alpha1/datadogpodautoscalers + autoscaling: + workload: + enabled: true + kubernetesEvents: + unbundleEvents: true +clusterAgent: + image: + tag: beta diff --git a/charts/datadog/ci/no_hardened_seccomp-values.yaml b/charts/datadog/ci/no-hardened-seccomp-values.yaml similarity index 100% rename from charts/datadog/ci/no_hardened_seccomp-values.yaml rename to charts/datadog/ci/no-hardened-seccomp-values.yaml diff --git a/charts/datadog/requirements.lock b/charts/datadog/requirements.lock index 6455e2890..7f63989e7 100644 --- a/charts/datadog/requirements.lock +++ b/charts/datadog/requirements.lock @@ -5,5 +5,5 @@ dependencies: - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 2.13.2 -digest: sha256:10386038ff3fcdc2e2402135f2b94a587bdd4c2f13f5a3ff0eba381942e84bdc -generated: "2023-07-12T12:26:01.725393+02:00" +digest: sha256:f80b7ec7cf479f699430a431badb997bf0f026cb8508b956d39eb37c12d39bd1 +generated: "2024-07-23T19:26:55.589909+02:00" diff --git a/charts/datadog/requirements.yaml b/charts/datadog/requirements.yaml index 18ca3dc6c..03f7076f8 100644 --- a/charts/datadog/requirements.yaml +++ b/charts/datadog/requirements.yaml @@ -2,7 +2,7 @@ dependencies: - name: datadog-crds version: 1.0.1 repository: https://helm.datadoghq.com - condition: clusterAgent.metricsProvider.useDatadogMetrics + condition: datadog.autoscaling.workload.enabled,clusterAgent.metricsProvider.useDatadogMetrics tags: - install-crds - name: kube-state-metrics diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index aa525817e..f179df69a 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -177,6 +177,16 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} +{{- if and (((.Values.datadog.autoscaling).workload).enabled) (not .Values.remoteConfiguration.enabled) }} + +################################################################################### +#### ERROR: Container Autoscaling misconfiguration #### +################################################################################### + +{{- fail "Workload autoscaling is activated without remote configuration. Remote configuration is required (remoteConfiguration.enabled = true)" }} + +{{- end }} + {{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} ################################################################# diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 001f98e9d..a45cdadb7 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -877,7 +877,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.clusterAgent.admissionController.remoteInstrumentation.enabled) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} true {{- else -}} false diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 9c1dd636a..134f8a3c6 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -231,7 +231,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_PORT value: {{ .Values.clusterAgent.admissionController.port | quote }} {{- end }} - {{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} + {{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} @@ -344,6 +344,10 @@ spec: value: {{ .Values.datadog.prometheusScrape.version | quote }} {{- end }} {{- end }} + {{- if (((.Values.datadog.autoscaling).workload).enabled) }} + - name: DD_AUTOSCALING_WORKLOAD_ENABLED + value: {{ (((.Values.datadog.autoscaling).workload).enabled) | quote }} + {{- end }} - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 35b87c548..bcdd6e53e 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -167,7 +167,7 @@ rules: - list - get - watch -{{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} +{{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - patch {{- end }} - apiGroups: @@ -422,3 +422,68 @@ subjects: name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} {{- end -}} + +{{- if (((.Values.datadog.autoscaling).workload).enabled) }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling + namespace: {{ .Release.Namespace }} +rules: +# Access to own CRD +- apiGroups: + - "datadoghq.com" + resources: + - "datadogpodautoscalers" + - "datadogpodautoscalers/status" + verbs: + - "*" +# Scale subresource for all resources +- apiGroups: + - "*" + resources: + - "*/scale" + verbs: + - 'update' + - 'get' +# Ability to generate events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +# Patching POD to add annotations. TODO: Remove when we have a better way to generate single event +- apiGroups: + - "" + resources: + - pods + verbs: + - patch +# Triggering rollout on Deployments +- apiGroups: + - apps + resources: + - deployments + verbs: + - patch +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d0d1ded04..bfcb12367 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -414,7 +414,7 @@ datadog: remoteConfiguration: # datadog.remoteConfiguration.enabled -- Set to true to enable remote configuration. - # Consider using remoteConfiguration.enabled instead + # DEPRECATED: Consider using remoteConfiguration.enabled instead enabled: true ## Enable logs agent and provide custom configs @@ -2172,6 +2172,8 @@ datadog-crds: crds: # datadog-crds.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true + # datadog-crds.crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: true kube-state-metrics: # kube-state-metrics.image.repository -- Default kube-state-metrics image repository. @@ -2226,6 +2228,6 @@ providers: remoteConfiguration: # remoteConfiguration.enabled -- Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. - # Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. + # Can be overridden if `datadog.remoteConfiguration.enabled` # Preferred way to enable Remote Configuration. enabled: true diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml new file mode 100644 index 000000000..1007b3abc --- /dev/null +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -0,0 +1,606 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogpodautoscalers.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogPodAutoscaler + listKind: DatadogPodAutoscalerList + plural: datadogpodautoscalers + shortNames: + - dpa + singular: datadogpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy.applyMode + name: Apply Mode + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Error')].status + name: In Error + type: string + - jsonPath: .status.horizontal.target.desiredReplicas + name: Desired Replicas + type: integer + - jsonPath: .status.horizontal.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='HorizontalAbleToScale')].status + name: Able to Scale + type: string + - jsonPath: .status.horizontal.lastAction.time + name: Last Scale + type: date + - jsonPath: .status.vertical.target.podCPURequest + name: Target CPU Req + type: string + - jsonPath: .status.vertical.target.podMemoryRequest + name: Target Memory Req + type: string + - jsonPath: .status.vertical.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='VerticalAbleToApply')].status + name: Able to Apply + type: string + - jsonPath: .status.vertical.lastAction.time + name: Last Trigger + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogPodAutoscalerSpec defines the desired state of DatadogPodAutoscaler + properties: + constraints: + description: Constraints defines constraints that should always be respected. + properties: + containers: + description: Containers defines constraints for the containers. + items: + description: |- + DatadogPodAutoscalerContainerConstraints defines constraints that should always be respected for a container. + If no constraints are set, it enables resources scaling for all containers without any constraints. + properties: + enabled: + description: Enabled false allows to disable resources autoscaling for the container. Default to true. + type: boolean + limits: + description: Limits defines the constraints for the limits of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + name: + description: Name is the name of the container. Can be "*" to apply to all containers. + type: string + requests: + description: Requests defines the constraints for the requests of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + required: + - name + type: object + type: array + maxReplicas: + description: MaxReplicas is the upper limit for the number of POD replicas. Needs to be >= minReplicas. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the lower limit for the number of POD replicas. Needs to be >= 1. Default to 1. + format: int32 + minimum: 1 + type: integer + required: + - maxReplicas + type: object + owner: + description: |- + Owner defines the source of truth for this object (local or remote) + Value needs to be set when a DatadogPodAutoscaler object is created. + enum: + - Local + - Remote + type: string + policy: + default: {} + description: Policy defines how recommendations should be applied. + properties: + applyMode: + default: All + description: |- + ApplyMode determines recommendations that should be applied by the controller: + - All: Apply all recommendations (regular and manual). + - Manual: Apply only manual recommendations (recommendations manually validated by user in the Datadog app). + - None: Prevent the controller to apply any recommendations. + It's also possible to selectively deactivate upscale, downscale or update actions thanks to the `Upscale`, `Downscale` and `Update` fields. + enum: + - All + - Manual + - None + type: string + downscale: + description: Downscale defines the policy to scale down the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + update: + description: Update defines the policy to update target resource. + properties: + strategy: + description: Mode defines the mode of the update policy. + enum: + - Auto + - Disabled + type: string + type: object + upscale: + description: Upscale defines the policy to scale up the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + type: object + remoteVersion: + description: |- + RemoteVersion is the version of the .Spec currently store in this object. + Only set if the owner is Remote. + format: int64 + type: integer + targetRef: + description: TargetRef is the reference to the resource to scale. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Modifying the targetRef is not allowed. Please delete and re-create the DatadogPodAutoscaler object. + rule: self == oldSelf + targets: + description: |- + Targets are objectives to reach and maintain for the target resource. + Default to a single target to maintain 80% POD CPU utilization. + items: + description: DatadogPodAutoscalerTarget defines the objectives to reach and maintain for the target resource. + properties: + containerResource: + description: ContainerResource allows to set a container-level resource target. + properties: + container: + description: Container is the name of the container. + type: string + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - container + - name + - value + type: object + podResource: + description: PodResource allows to set a POD-level resource target. + properties: + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - name + - value + type: object + type: + description: Type sets the type of the target. + enum: + - PodResource + - ContainerResource + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - owner + - targetRef + type: object + status: + description: DatadogPodAutoscalerStatus defines the observed state of DatadogPodAutoscaler + properties: + conditions: + description: Conditions describe the current state of the DatadogPodAutoscaler operations. + items: + description: DatadogPodAutoscalerCondition describes the state of DatadogPodAutoscaler. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentReplicas: + description: CurrentReplicas is the current number of PODs for the targetRef observed by the controller. + format: int32 + type: integer + horizontal: + description: Horizontal is the status of the horizontal scaling, if activated. + properties: + lastActions: + description: LastActions are the last successful actions done by the controller + items: + description: DatadogPodAutoscalerHorizontalAction represents an horizontal action done by the controller + properties: + limitedReason: + description: LimitedReason is the reason why the action was limited (ToReplicas != RecommendedReplicas) + type: string + recommendedReplicas: + description: RecommendedReplicas is the original number of replicas recommended by Datadog + format: int32 + type: integer + replicas: + description: FromReplicas is the number of replicas before the action + format: int32 + type: integer + time: + description: Time is the timestamp of the action + format: date-time + type: string + toReplicas: + description: ToReplicas is the effective number of replicas after the action + format: int32 + type: integer + required: + - replicas + - time + - toReplicas + type: object + type: array + target: + description: Target is the current target of the horizontal scaling + properties: + desiredReplicas: + description: Replicas is the desired number of replicas for the resource + format: int32 + type: integer + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + source: + description: Source is the source of the value used to scale the target resource + type: string + required: + - desiredReplicas + - source + type: object + type: object + vertical: + description: Vertical is the status of the vertical scaling, if activated. + properties: + lastAction: + description: LastAction is the last successful action done by the controller + properties: + time: + description: Time is the timestamp of the action + format: date-time + type: string + type: + description: Type is the type of action + type: string + version: + description: Version is the recommendation version used for the action + type: string + required: + - time + - type + - version + type: object + target: + description: Target is the current target of the vertical scaling + properties: + desiredResources: + description: DesiredResources is the desired resources for containers + items: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + name: + description: Name is the name of the container + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes target resources of compute resources allowed. + type: object + required: + - name + type: object + type: array + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + podCPURequest: + anyOf: + - type: integer + - type: string + description: PODCPURequest is the sum of CPU requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMemoryRequest: + anyOf: + - type: integer + - type: string + description: PODMemoryRequest is the sum of memory requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + scaled: + description: Scaled is the current number of PODs having desired resources + format: int32 + type: integer + source: + description: Source is the source of the value used to scale the target resource + type: string + version: + description: Version is the current version of the received recommendation + type: string + required: + - desiredResources + - podCPURequest + - podMemoryRequest + - source + - version + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} From c3d14e618cdfa71ad40c3835ea74c5032e424409 Mon Sep 17 00:00:00 2001 From: Vincent Boulineau <58430298+vboulineau@users.noreply.github.com> Date: Fri, 2 Aug 2024 09:16:23 +0200 Subject: [PATCH 093/209] Remove XValidation rule from DPA CRD as requires K8S >= 1.25 (#1473) --- charts/datadog-crds/CHANGELOG.md | 8 ++++++++ charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- charts/datadog-crds/ci/kubeconform-values.yaml | 3 +++ .../templates/datadoghq.com_datadogpodautoscalers_v1.yaml | 3 --- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 4d6630675..082efe0cb 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 1.7.2 + +* Remove XValidation as requires K8S >= 1.25. + +## 1.7.1 + +* Add DPA CRD. + ## 1.7.0 * Update CRDs from Datadog Operator v1.7.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index e5fd9edc4..12d280a64 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.7.1 +version: 1.7.2 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index eb1de55d5..19d214d1c 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/ci/kubeconform-values.yaml b/charts/datadog-crds/ci/kubeconform-values.yaml index 1cc095b47..5fd2c50b1 100644 --- a/charts/datadog-crds/ci/kubeconform-values.yaml +++ b/charts/datadog-crds/ci/kubeconform-values.yaml @@ -2,3 +2,6 @@ crds: datadogMetrics: true datadogAgents: true datadogMonitors: true + datadogSLOs: true + datadogAgentProfiles: true + datadogPodAutoscalers: true diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml index ca602ddda..ecbfd2c37 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -330,9 +330,6 @@ spec: - kind - name type: object - x-kubernetes-validations: - - message: Modifying the targetRef is not allowed. Please delete and re-create the DatadogPodAutoscaler object. - rule: self == oldSelf targets: description: |- Targets are objectives to reach and maintain for the target resource. From fda502fc08713a6561a4f5f6cc455da991f8c3ba Mon Sep 17 00:00:00 2001 From: Vincent Boulineau <58430298+vboulineau@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:07:25 +0200 Subject: [PATCH 094/209] Update datadog-crds chart to latest version (#1472) --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.lock | 6 +++--- charts/datadog-operator/Chart.yaml | 4 ++-- charts/datadog-operator/README.md | 2 +- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/requirements.lock | 6 +++--- charts/datadog/requirements.yaml | 2 +- 9 files changed, 21 insertions(+), 13 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 942f0819d..76904d65a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.5 + +* Update `datadog-crds` dependency to `1.7.2`. + ## 1.8.4 * Add option to specify `deployment.annotations`. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 74314d791..d1816c469 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.7.0 -digest: sha256:30edb3c96a953b123604997bffdd2e4f52d2634d60b102c5fe7d532327c26c27 -generated: "2024-06-17T10:48:12.316395-04:00" + version: 1.7.2 +digest: sha256:256e0d475f434d840d83c6ef94a7290ad1e8d74c76c1f1058e6cd4f919435872 +generated: "2024-08-02T09:24:41.011919+02:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 28e7867a8..a68caf648 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.8.5 +version: 1.8.6 appVersion: 1.7.0 description: Datadog Operator keywords: @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.7.0" + version: "=1.7.2" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 8d7a35394..ba4ade3c5 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.6](https://img.shields.io/badge/Version-1.8.6-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) ## Values diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index c761a6bcb..24989cd5f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.69.3 + +* Update `datadog-crds` dependency to `1.7.2`. + ## 3.69.2 * Allow activation of autoscaling. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index c4a19524f..f189e2844 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.69.2 +version: 3.69.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index bac360df1..cfad6fd18 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.69.2](https://img.shields.io/badge/Version-3.69.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.69.3](https://img.shields.io/badge/Version-3.69.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -28,7 +28,7 @@ Kubernetes 1.10+ or OpenShift 3.10+, note that: | Repository | Name | Version | |------------|------|---------| -| https://helm.datadoghq.com | datadog-crds | 1.0.1 | +| https://helm.datadoghq.com | datadog-crds | 1.7.2 | | https://prometheus-community.github.io/helm-charts | kube-state-metrics | 2.13.2 | ## Quick start diff --git a/charts/datadog/requirements.lock b/charts/datadog/requirements.lock index 7f63989e7..87e35aad2 100644 --- a/charts/datadog/requirements.lock +++ b/charts/datadog/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.0.1 + version: 1.7.2 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 2.13.2 -digest: sha256:f80b7ec7cf479f699430a431badb997bf0f026cb8508b956d39eb37c12d39bd1 -generated: "2024-07-23T19:26:55.589909+02:00" +digest: sha256:ffe3215351a645d08a42bdb49ea28563f77f63372f4ed926e5bae5b5dc1511c6 +generated: "2024-08-02T09:23:56.854712+02:00" diff --git a/charts/datadog/requirements.yaml b/charts/datadog/requirements.yaml index 03f7076f8..a80b3b360 100644 --- a/charts/datadog/requirements.yaml +++ b/charts/datadog/requirements.yaml @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds - version: 1.0.1 + version: 1.7.2 repository: https://helm.datadoghq.com condition: datadog.autoscaling.workload.enabled,clusterAgent.metricsProvider.useDatadogMetrics tags: From 3e25516a0553118f6943637f39a852be3f0ffef8 Mon Sep 17 00:00:00 2001 From: Kelly Sun <42001404+ksun154@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:33:38 -0400 Subject: [PATCH 095/209] [APF-14] Bump image version and fix example config (#1474) * updates * update chart version --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/examples/config.yaml | 2 ++ charts/private-action-runner/values.yaml | 2 +- 6 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 6d0fc4185..7b8ef17fa 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.2.0 + +* Update private action image version to `v0.0.1-alpha24` and add port to example config. + ### 0.1.0 * Initial version diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index b7303372c..12011301c 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.1.0 +version: 0.2.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 871a0c003..0fc7ea9cf 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha23](https://img.shields.io/badge/AppVersion-v0.0.1--alpha23-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha23"` | Current Datadog Private Action Runner image | +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24"` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 0b9484bca..2081245be 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha23](https://img.shields.io/badge/AppVersion-v0.0.1--alpha23-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/config.yaml index dd59c8f20..a52ca147d 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/config.yaml @@ -27,6 +27,8 @@ runners: urn: "URN_FROM_CONFIG" privateKey: "PRIVATE_KEY_FROM_CONFIG" modes: ["workflowAutomation", "appBuilder"] + appBuilder: + port: 9016 actionsAllowlist: - com.datadoghq.kubernetes.core.listPod - com.datadoghq.http.request diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 67d7cf5cc..6b594ddee 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,7 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha23 + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 815ab85248e99fdcb0161d65280c3207786f64eb Mon Sep 17 00:00:00 2001 From: Sergio Najm <169740405+SergioNajm@users.noreply.github.com> Date: Fri, 2 Aug 2024 13:15:21 -0400 Subject: [PATCH 096/209] update image version (#1475) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 7b8ef17fa..c77dca294 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.3.0 + +* Update private action image version to `v0.0.1-alpha25`. + ### 0.2.0 * Update private action image version to `v0.0.1-alpha24` and add port to example config. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 12011301c..b7061a96a 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.2.0 +version: 0.3.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 0fc7ea9cf..2704156e0 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24"` | Current Datadog Private Action Runner image | +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha25"` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 2081245be..3a0cb0cfb 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 6b594ddee..5a941d088 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,7 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24 + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha25 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 49c4abe456314466c40ae9348bf2866f2be107b1 Mon Sep 17 00:00:00 2001 From: Sergio Najm <169740405+SergioNajm@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:37:12 -0400 Subject: [PATCH 097/209] updated version from 0.2.0 to 0.3.0 (#1476) --- charts/private-action-runner/README.md | 2 +- charts/private-action-runner/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 2704156e0..6e912de95 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 3a0cb0cfb..befd29375 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. From b949cce9a3fac04c1af9ca3c1a9dd7bcdfae8a22 Mon Sep 17 00:00:00 2001 From: Kelly Sun <42001404+ksun154@users.noreply.github.com> Date: Tue, 6 Aug 2024 10:26:03 -0400 Subject: [PATCH 098/209] apply patch and fixes (#1478) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/examples/config.yaml | 2 +- charts/private-action-runner/templates/deployment.yaml | 7 ++++--- charts/private-action-runner/templates/role.yaml | 2 +- charts/private-action-runner/templates/rolebinding.yaml | 2 +- charts/private-action-runner/templates/secrets.yaml | 2 +- charts/private-action-runner/templates/service.yaml | 2 +- charts/private-action-runner/templates/serviceaccount.yaml | 2 +- charts/private-action-runner/values.yaml | 2 +- 12 files changed, 19 insertions(+), 14 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index c77dca294..0f3000a6a 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.4.0 + +* Revert private action image version to `v0.0.1-alpha24`, apply patch to fix labels in `deployments.yaml`, and add newlines to end of all yaml files. + ### 0.3.0 * Update private action image version to `v0.0.1-alpha25`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index b7061a96a..17b38ed4c 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.3.0 +version: 0.4.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 6e912de95..762264f78 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha25"` | Current Datadog Private Action Runner image | +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24"` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index befd29375..0c668ef46 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha25](https://img.shields.io/badge/AppVersion-v0.0.1--alpha25-informational?style=flat-square) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/config.yaml index a52ca147d..d3e58d25b 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/config.yaml @@ -32,4 +32,4 @@ runners: actionsAllowlist: - com.datadoghq.kubernetes.core.listPod - com.datadoghq.http.request - - com.datadoghq.jenkins.buildJenkinsJob \ No newline at end of file + - com.datadoghq.jenkins.buildJenkinsJob diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index 1d90e8e37..1c6a2aaaf 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -6,18 +6,19 @@ metadata: name: {{ include "chart.deploymentName" $runner.name }} namespace: {{ $.Release.Namespace }} labels: - service: {{ include "chart.deploymentName" $runner.name }} + service: {{ include "chart.serviceName" $runner.name }} app: {{ include "chart.deploymentName" $runner.name }} spec: minReadySeconds: 10 replicas: {{ $runner.replicas }} selector: matchLabels: - service: {{ include "chart.deploymentName" $runner.name }} + app: {{ include "chart.deploymentName" $runner.name }} template: metadata: labels: - service: {{ include "chart.deploymentName" $runner.name }} + app: {{ include "chart.deploymentName" $runner.name }} + service: {{ include "chart.serviceName" $runner.name }} annotations: config-hash: {{ $runner.config | toJson | sha256sum }} spec: diff --git a/charts/private-action-runner/templates/role.yaml b/charts/private-action-runner/templates/role.yaml index 33aebe741..a32f58e8f 100644 --- a/charts/private-action-runner/templates/role.yaml +++ b/charts/private-action-runner/templates/role.yaml @@ -6,4 +6,4 @@ metadata: namespace: {{ $.Release.Namespace }} name: {{ include "chart.roleName" $runner.name }} rules: {{ $runner.kubernetesPermissions | toJson }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/private-action-runner/templates/rolebinding.yaml b/charts/private-action-runner/templates/rolebinding.yaml index 380dad8e5..213e421a2 100644 --- a/charts/private-action-runner/templates/rolebinding.yaml +++ b/charts/private-action-runner/templates/rolebinding.yaml @@ -13,4 +13,4 @@ subjects: - kind: ServiceAccount name: {{ include "chart.serviceAccountName" $runner.name }} namespace: {{ $.Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index bf38ba52b..ed3eb8fb8 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -20,4 +20,4 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/private-action-runner/templates/service.yaml b/charts/private-action-runner/templates/service.yaml index fc1e4e189..27d69cbb2 100644 --- a/charts/private-action-runner/templates/service.yaml +++ b/charts/private-action-runner/templates/service.yaml @@ -12,4 +12,4 @@ spec: - name: http port: 9016 targetPort: 9016 -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/private-action-runner/templates/serviceaccount.yaml b/charts/private-action-runner/templates/serviceaccount.yaml index d42eab1e5..4b66d43f1 100644 --- a/charts/private-action-runner/templates/serviceaccount.yaml +++ b/charts/private-action-runner/templates/serviceaccount.yaml @@ -5,4 +5,4 @@ kind: ServiceAccount metadata: name: {{ include "chart.serviceAccountName" $runner.name }} namespace: {{ $.Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 5a941d088..6b594ddee 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,7 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha25 + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 11ecc0be05e68004acbeb4462582212bc623881e Mon Sep 17 00:00:00 2001 From: Sergio Najm <169740405+SergioNajm@users.noreply.github.com> Date: Wed, 7 Aug 2024 09:52:26 -0400 Subject: [PATCH 099/209] bumped runner version to alpha26 (#1479) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 0f3000a6a..0c31dd9ac 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.5.0 + +* Update private action image version to `v0.0.1-alpha26`. + ### 0.4.0 * Revert private action image version to `v0.0.1-alpha24`, apply patch to fix labels in `deployments.yaml`, and add newlines to end of all yaml files. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 17b38ed4c..3a39d1ad5 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.4.0 +version: 0.5.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 762264f78..cb91f4551 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha26](https://img.shields.io/badge/AppVersion-v0.0.1--alpha26-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24"` | Current Datadog Private Action Runner image | +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha26"` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 0c668ef46..2316581ff 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha24](https://img.shields.io/badge/AppVersion-v0.0.1--alpha24-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha26](https://img.shields.io/badge/AppVersion-v0.0.1--alpha26-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 6b594ddee..aa9847a55 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,7 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha24 + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha26 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 303ac588ad61e4a9199b9a7fdfa0c5c36ce50bfc Mon Sep 17 00:00:00 2001 From: Ilya Rubnich Date: Wed, 7 Aug 2024 16:37:24 -0400 Subject: [PATCH 100/209] bump PAR to alpha27 (#1482) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 6 +++--- charts/private-action-runner/README.md.gotmpl | 4 ++-- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 0c31dd9ac..6d0885a6d 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.6.0 + +* Update private action image version to `v0.0.1-alpha27`. + ### 0.5.0 * Update private action image version to `v0.0.1-alpha26`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 3a39d1ad5..6698d7a62 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.5.0 +version: 0.6.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index cb91f4551..6b42b1ef5 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha26](https://img.shields.io/badge/AppVersion-v0.0.1--alpha26-informational?style=flat-square) +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha26"` | Current Datadog Private Action Runner image | +| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27"` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | @@ -51,4 +51,4 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | | runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | | runners[0].name | string | `"default"` | Name of the Datadog Private Action Runner | -| runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | \ No newline at end of file +| runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 2316581ff..94948c775 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha26](https://img.shields.io/badge/AppVersion-v0.0.1--alpha26-informational?style=flat-square) +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -37,4 +37,4 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl * Deploy several runners with different permissions or create different connections according to your needs. * Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). -{{ template "chart.valuesSection" . }} \ No newline at end of file +{{ template "chart.valuesSection" . }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index aa9847a55..c881a0e63 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,7 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha26 + image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27 runners: # runners[0].name -- Name of the Datadog Private Action Runner From ab49c85613c63bd974199ae90342f90c5c33888f Mon Sep 17 00:00:00 2001 From: Kelly Sun <42001404+ksun154@users.noreply.github.com> Date: Thu, 15 Aug 2024 12:41:15 -0400 Subject: [PATCH 101/209] [APF-14] Update chart instructions to reflect new UI and split image value (#1484) * update README * update PR labeler * add to merge queue config * break up image in values * fix * doc gen * section k8s actions * add connection credential directions and fix port bug * format * ^ * copy edits * more edits * ^ * fix readonly * use initContainers * fix * remove subpath * Revert "remove subpath" This reverts commits making fs readonly * copy change --- .github/workflows/labeler/labels.yaml | 4 + charts/private-action-runner/CHANGELOG.md | 4 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 108 ++++++++++++++---- charts/private-action-runner/README.md.gotmpl | 106 +++++++++++++---- .../templates/deployment.yaml | 2 +- .../templates/secrets.yaml | 2 + charts/private-action-runner/values.yaml | 4 +- repository.datadog.yml | 1 + 9 files changed, 181 insertions(+), 52 deletions(-) diff --git a/.github/workflows/labeler/labels.yaml b/.github/workflows/labeler/labels.yaml index e520ab3d1..b5250ad26 100644 --- a/.github/workflows/labeler/labels.yaml +++ b/.github/workflows/labeler/labels.yaml @@ -27,6 +27,10 @@ chart/synthetics-private-location: - changed-files: - any-glob-to-any-file: "charts/synthetics-private-location/**" +chart/private-action-runner: + - changed-files: + - any-glob-to-any-file: "charts/private-action-runner/**" + tools/tests: - changed-files: - any-glob-to-any-file: "tests/**" diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 6d0885a6d..fd2ae1e75 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.7.0 + +* Simplify README instructions to reflect the new Kubernetes UI. Split image value to be consistent with other charts. Fix bug requiring port for Workflow mode. + ### 0.6.0 * Update private action image version to `v0.0.1-alpha27`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 6698d7a62..5a3cefd92 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.6.0 +version: 0.7.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 6b42b1ef5..c0786249a 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,36 +1,94 @@ # Datadog Private Action Runner -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + ## Requirements -* A Datadog account with private actions enabled -* The `kubectl` cli -* Helm -* Sufficient permissions to the Kubernetes cluster +* `kubectl` CLI is installed on my machine +* Helm is installed on my machine +* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account ## Use this chart +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. + +## Use this chart with connection credentials +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart. +3. Download the chart locally. +```bash +helm pull datadog/private-action-runner --untar +``` +4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use. + +HTTP Basic Auth: +``` +{ + auth_type: 'Basic Auth', + credentials: [ + { + username: 'USERNAME', + password: 'PASSWORD', + }, + ], +} +``` +HTTP Token Auth: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + tokenName: 'TOKEN1', + tokenValue: 'VALUE1', + }, + ], +} +``` +Jenkins: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + username: 'USERNAME', + token: 'TOKEN', + domain: 'DOMAIN', + }, + ], +} +``` +Postgres: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + tokenName: 'connectionUri', + tokenValue: 'postgres://usr:password@example_host:5432/example_db', + }, + ], +} +``` +5. Install the chart. +```bash +helm install ./private-action-runner -f ./config.yaml +``` -1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners). -2. Create a new private action runner. -3. Follow the instructions. You now have a running docker container and `config/config.yaml` file. -4. Stop the docker container (`docker stop ` or `docker compose stop`). -5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. - * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container. - * You can reconfigure other values or use the defaults in the example. -6. Add this repository to your Helm repositories: - ``` - helm repo add datadog https://helm.datadoghq.com - helm repo update - ``` -7. Install the Helm chart: - ```bash - helm install datadog/private-action-runner -f ./config.yaml - ``` -8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). -9. Create a new connection, select your private action runner, and use **Service account authentication**. -10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +## To use Kubernetes actions +1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +2. Create a new connection, select your private action runner, and use **Service account authentication**. +3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further * Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). @@ -41,7 +99,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27"` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha27"}` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 94948c775..cc5bde9cd 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,36 +1,94 @@ # Datadog Private Action Runner -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + ## Requirements -* A Datadog account with private actions enabled -* The `kubectl` cli -* Helm -* Sufficient permissions to the Kubernetes cluster +* `kubectl` CLI is installed on my machine +* Helm is installed on my machine +* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account ## Use this chart +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. + +## Use this chart with connection credentials +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart. +3. Download the chart locally. +```bash +helm pull datadog/private-action-runner --untar +``` +4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use. + +HTTP Basic Auth: +``` +{ + auth_type: 'Basic Auth', + credentials: [ + { + username: 'USERNAME', + password: 'PASSWORD', + }, + ], +} +``` +HTTP Token Auth: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + tokenName: 'TOKEN1', + tokenValue: 'VALUE1', + }, + ], +} +``` +Jenkins: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + username: 'USERNAME', + token: 'TOKEN', + domain: 'DOMAIN', + }, + ], +} +``` +Postgres: +``` +{ + auth_type: 'Token Auth', + credentials: [ + { + tokenName: 'connectionUri', + tokenValue: 'postgres://usr:password@example_host:5432/example_db', + }, + ], +} +``` +5. Install the chart. +```bash +helm install ./private-action-runner -f ./config.yaml +``` -1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners). -2. Create a new private action runner. -3. Follow the instructions. You now have a running docker container and `config/config.yaml` file. -4. Stop the docker container (`docker stop ` or `docker compose stop`). -5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. - * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container. - * You can reconfigure other values or use the defaults in the example. -6. Add this repository to your Helm repositories: - ``` - helm repo add datadog https://helm.datadoghq.com - helm repo update - ``` -7. Install the Helm chart: - ```bash - helm install datadog/private-action-runner -f ./config.yaml - ``` -8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). -9. Create a new connection, select your private action runner, and use **Service account authentication**. -10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +## To use Kubernetes actions +1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +2. Create a new connection, select your private action runner, and use **Service account authentication**. +3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further * Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index 1c6a2aaaf..ea6583cef 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: value: nodeless containers: - name: runner - image: {{ $.Values.common.image }} + image: "{{ $.Values.common.image.repository }}:{{ $.Values.common.image.tag }}" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index ed3eb8fb8..4b85b102b 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -14,8 +14,10 @@ stringData: {{- range $mode := $runner.config.modes }} - {{ $mode }} {{- end }} + {{- if $runner.config.appBuilder }} appBuilder: port: {{ $runner.config.appBuilder.port }} + {{- end }} actionsAllowlist: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index c881a0e63..e90291811 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -4,7 +4,9 @@ common: # -- Current Datadog Private Action Runner image - image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27 + image: + repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner + tag: v0.0.1-alpha27 runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/repository.datadog.yml b/repository.datadog.yml index ddd5aaca6..b49e10d17 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -3,6 +3,7 @@ schema-version: v1 kind: mergequeue gitlab_check_enable: false github_teams_restrictions: + - action-platform - agent-all - container-app - container-ecosystems From db2b99aa625ccd08e75a8ff4bf287d360c97349e Mon Sep 17 00:00:00 2001 From: Kelly Sun <42001404+ksun154@users.noreply.github.com> Date: Fri, 16 Aug 2024 14:13:53 -0400 Subject: [PATCH 102/209] [APF-14] Send MANAGED_BY environment variable (#1492) * add variable * bump chart version * change var name * bump version * bump runner image --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/templates/deployment.yaml | 2 ++ charts/private-action-runner/values.yaml | 2 +- 6 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index fd2ae1e75..8867e61e1 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.8.0 + +* Send MANAGED_BY environment variable to container. Update private action image version to `v0.0.1-alpha28`. + ### 0.7.0 * Simplify README instructions to reflect the new Kubernetes UI. Split image value to be consistent with other charts. Fix bug requiring port for Workflow mode. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 5a3cefd92..39c06eaa1 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.7.0 +version: 0.8.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index c0786249a..c6ac82999 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -99,7 +99,7 @@ helm install ./private-action-runner -f ./config.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha27"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha28"}` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index cc5bde9cd..aab9b83f9 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index ea6583cef..b7b3eeb4d 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -51,6 +51,8 @@ spec: # See https://nodejs.org/docs/latest-v16.x/api/cli.html#--max-old-space-sizesize-in-megabytes # 75% of memory limit/request value: "--max-old-space-size=1536" + - name: MANAGED_BY + value: "helm" volumes: - name: secrets secret: diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index e90291811..6f03266d9 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha27 + tag: v0.0.1-alpha28 runners: # runners[0].name -- Name of the Datadog Private Action Runner From de8f82ca8bddf776bea6114e68f5af3f45a82305 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Fri, 16 Aug 2024 14:32:17 -0400 Subject: [PATCH 103/209] [datadog-crds] update CRDs following datadog operator 1.8.0 release (#1491) * [datadog-crds] update CRDs following datadog operator 1.8.0 release * Remove conversion properties * Update charts/datadog-crds/CHANGELOG.md Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog-crds/CHANGELOG.md | 6 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 7 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 251 +- ...oghq.com_datadogagentprofiles_v1beta1.yaml | 104 +- .../datadoghq.com_datadogagents_v1.yaml | 6084 +----------- .../datadoghq.com_datadogagents_v1beta1.yaml | 8135 ++++++----------- .../datadoghq.com_datadogmetrics_v1.yaml | 27 +- .../datadoghq.com_datadogmonitors_v1.yaml | 84 +- .../datadoghq.com_datadogslos_v1.yaml | 91 +- .../datadoghq.com_datadogslos_v1beta1.yaml | 2 +- charts/datadog-crds/update-crds.sh | 5 - charts/datadog-crds/values.yaml | 9 - crds/datadoghq.com_datadogagentprofiles.yaml | 251 +- crds/datadoghq.com_datadogagents.yaml | 6064 +----------- crds/datadoghq.com_datadogmetrics.yaml | 27 +- crds/datadoghq.com_datadogmonitors.yaml | 84 +- crds/datadoghq.com_datadogpodautoscalers.yaml | 3 - crds/datadoghq.com_datadogslos.yaml | 91 +- 19 files changed, 3970 insertions(+), 17357 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 082efe0cb..23e68d1cf 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2.0.0 + +* Update CRDs from Datadog Operator v1.8.0 tag. +* Remove support for DatadogAgent `v1alpha1` and conversion webhook. +* Final update of Datadog CRDs with the `apiextensions.k8s.io/v1beta1` version of CustomResourceDefinition. + ## 1.7.2 * Remove XValidation as requires K8S >= 1.25. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 12d280a64..95a8aefaf 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.7.2 +version: 2.0.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 19d214d1c..07cd7d0d2 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -29,11 +29,6 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | | crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | fullnameOverride | string | `""` | Override the fully qualified app name | -| migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | -| migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | -| migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | -| migration.datadogAgents.useCertManager | bool | `false` | | -| migration.datadogAgents.version | string | `"v2alpha1"` | | | nameOverride | string | `""` | Override name of app | ## Developers diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 53c4e0674..09f81c4e2 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogAgentProfiles (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagentprofiles.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -40,10 +38,19 @@ spec: description: DatadogAgentProfile is the Schema for the datadogagentprofiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -58,9 +65,147 @@ spec: containers: additionalProperties: properties: + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/guide/environment-variables/ + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map resources: - description: ResourceRequirements describes the compute resource requirements. + description: |- + Specify the Request and Limits of the pods. + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -68,7 +213,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -77,14 +224,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object - description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' + description: |- + Configure the basic configurations for an Agent container + Valid Agent container names are: `agent` + type: object + labels: + additionalProperties: + type: string + description: Labels provide labels that are added to the Datadog Agent pods. type: object priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. type: string type: object type: object @@ -93,16 +257,25 @@ spec: properties: profileNodeAffinity: items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -122,23 +295,52 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -151,7 +353,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -182,10 +389,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml index 5222cbb22..3f7ab4dcb 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml @@ -58,9 +58,107 @@ spec: containers: additionalProperties: properties: + env: + description: 'Specify additional environment variables in the container. See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map resources: - description: ResourceRequirements describes the compute resource requirements. + description: 'Specify the Request and Limits of the pods To get guaranteed QoS class, specify requests and limits equal. See also: http://kubernetes.io/docs/user-guide/compute-resources/' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -77,7 +175,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object @@ -122,7 +220,7 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 61e162729..a0c10a59a 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -1,15 +1,10 @@ {{- if and .Values.crds.datadogAgents (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - {{- if .Values.migration.datadogAgents.useCertManager }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}-serving-cert - {{- end }} - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -17,18 +12,6 @@ metadata: app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' spec: - {{- if .Values.migration.datadogAgents.conversionWebhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Values.migration.datadogAgents.conversionWebhook.namespace }} - name: {{ .Values.migration.datadogAgents.conversionWebhook.name }} - path: /convert - conversionReviewVersions: - - v1 - {{- end }} group: datadoghq.com names: kind: DatadogAgent @@ -39,5832 +22,6 @@ spec: singular: datadogagent scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.agent.status name: agent @@ -5916,6 +73,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -5943,6 +101,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -5952,6 +111,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -5967,6 +127,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -5978,6 +139,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -5988,6 +150,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6038,6 +212,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -6061,6 +236,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -6111,6 +287,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -6142,6 +323,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6298,6 +487,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -6537,6 +744,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -6686,6 +897,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -6700,6 +912,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6737,6 +961,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6746,6 +971,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6761,6 +987,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -6772,6 +999,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object hostCAPath: type: string @@ -6787,6 +1015,10 @@ spec: type: object logLevel: type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object namespaceLabelsAsTags: additionalProperties: type: string @@ -6819,6 +1051,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: @@ -6896,6 +1129,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -6942,10 +1176,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -6977,6 +1213,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7000,6 +1237,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7043,6 +1281,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7066,6 +1305,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7107,6 +1347,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7130,6 +1371,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7173,6 +1415,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7196,6 +1439,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7247,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7256,6 +1501,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7271,6 +1517,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7282,6 +1529,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7455,6 +1703,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7626,6 +1886,28 @@ spec: type: object disabled: type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string env: items: properties: @@ -7646,6 +1928,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7655,6 +1938,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7670,6 +1954,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7681,6 +1966,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7767,6 +2053,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -7869,6 +2156,24 @@ spec: type: object type: array x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object volumes: items: properties: @@ -7933,6 +2238,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -7949,6 +2255,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -7979,6 +2286,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -7990,6 +2298,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -8016,6 +2325,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8036,6 +2346,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8076,6 +2387,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8084,12 +2396,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8130,6 +2456,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: @@ -8176,6 +2503,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -8260,6 +2588,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -8340,6 +2669,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -8354,6 +2684,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8374,6 +2705,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8401,6 +2733,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -8455,6 +2788,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8476,6 +2810,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -8527,6 +2862,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -8759,6 +3095,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -8786,6 +3123,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -8795,6 +3133,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -8810,6 +3149,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -8821,6 +3161,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -8831,6 +3172,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8881,6 +3234,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -8904,6 +3258,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -8954,6 +3309,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -8985,6 +3345,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -9141,6 +3509,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -9380,6 +3766,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -9412,10 +3802,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index 93be5daf3..c602a1017 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -14,6 +14,19 @@ metadata: app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' spec: + additionalPrinterColumns: + - JSONPath: .status.agent.status + name: agent + type: string + - JSONPath: .status.clusterAgent.status + name: cluster-agent + type: string + - JSONPath: .status.clusterChecksRunner.status + name: cluster-checks-runner + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: datadoghq.com names: kind: DatadogAgent @@ -25,620 +38,394 @@ spec: scope: Namespaced subresources: status: {} - version: v1alpha1 - versions: - - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - JSONPath: .status.agent.status - name: agent + validation: + openAPIV3Schema: + properties: + apiVersion: type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent + kind: type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: + metadata: + type: object + spec: properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: + features: properties: - agent: + admissionController: properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: + agentCommunicationMode: + type: string + agentSidecarInjection: properties: - nodeAffinity: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: properties: - preferredDuringSchedulingIgnoredDuringExecution: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - preference: - properties: - matchExpressions: - items: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchFields: - items: + fieldRef: properties: - key: + apiVersion: type: string - operator: + fieldPath: type: string - values: - items: - type: string - type: array required: - - key - - operator + - fieldPath type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + resourceFieldRef: properties: - key: + containerName: type: string - operator: + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string - values: - items: - type: string - type: array required: - - key - - operator + - resource type: object - type: array - matchFields: - items: + secretKeyRef: properties: key: type: string - operator: + name: type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - topologyKey: - type: string - required: - - topologyKey + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + objectSelector: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + matchExpressions: + items: + properties: + key: type: string - type: object + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey type: object - type: array + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string type: object - podAntiAffinity: + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: properties: - preferredDuringSchedulingIgnoredDuringExecution: + items: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: + key: + type: string + mode: format: int32 type: integer + path: + type: string required: - - podAffinityTerm - - weight + - key + - path type: object type: array - requiredDuringSchedulingIgnoredDuringExecution: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: items: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + key: + type: string + mode: + format: int32 + type: integer + path: type: string required: - - topologyKey + - key + - path type: object type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object type: object - apm: + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic enabled: type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map hostPort: format: int32 type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map type: object - config: + mapperProfiles: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: + configData: + type: string + configMap: properties: - configMapName: - type: string items: items: properties: @@ -657,300 +444,1047 @@ spec: x-kubernetes-list-map-keys: - key x-kubernetes-list-type: map + name: + type: string type: object - collectEvents: + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: properties: - configMapName: + apiKey: type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key - path type: object type: array x-kubernetes-list-map-keys: - key x-kubernetes-list-type: map + name: + type: string type: object - criSocket: + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: properties: - criSocketPath: - type: string - dockerSocketPath: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string type: object - ddUrl: - type: string - dogstatsd: + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: + grpc: properties: - configData: + enabled: + type: boolean + endpoint: type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object type: object - unixDomainSocket: + http: properties: enabled: type: boolean - hostFilepath: + endpoint: type: string type: object type: object - env: + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object + type: string type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + global: + properties: + clusterAgentToken: + type: string + clusterAgentTokenSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + clusterName: + type: string + containerStrategy: + type: string + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + criSocketPath: + type: string + disableNonResourceRules: + type: boolean + dockerSocketPath: + type: string + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: + type: string + type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - tlsVerify: - type: boolean type: object - leaderElection: + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: type: boolean - livenessProbe: + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object + kubelet: + properties: + agentCAPath: + type: string + host: + properties: + configMapKeyRef: properties: - exec: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + hostCAPath: + type: string + tlsVerify: + type: boolean + type: object + localService: + properties: + forceEnableLocalService: + type: boolean + nameOverride: + type: string + type: object + logLevel: + type: string + namespaceLabelsAsTags: + additionalProperties: + type: string + type: object + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object + networkPolicy: + properties: + create: + type: boolean + dnsSelectorEndpoints: + items: + properties: + matchExpressions: + items: properties: - command: + key: + type: string + operator: + type: string + values: items: type: string type: array + required: + - key + - operator type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + x-kubernetes-list-type: atomic + flavor: + type: string + type: object + nodeLabelsAsTags: + additionalProperties: + type: string + type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + type: object + podLabelsAsTags: + additionalProperties: + type: string + type: object + registry: + type: string + site: + type: string + tags: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 type: integer - service: - type: string required: - - port + - preference + - weight type: object - httpGet: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer required: - - port + - podAffinityTerm + - weight type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - command: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + containers: + additionalProperties: + properties: + appArmorProfileName: + type: string + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: + format: int32 + type: integer + livenessProbe: + properties: + exec: + properties: + command: items: type: string type: array @@ -1024,77 +1558,201 @@ spec: format: int32 type: integer type: object - resources: + logLevel: + type: string + name: + type: string + readinessProbe: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + exec: + properties: + command: + items: + type: string + type: array type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 + failureThreshold: + format: int32 type: integer - seLinuxOptions: + grpc: properties: - level: - type: string - role: - type: string - type: - type: string - user: + port: + format: int32 + type: integer + service: type: string + required: + - port type: object - seccompProfile: + httpGet: properties: - localhostProfile: + host: type: string - type: + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - type + - port type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: items: properties: name: type: string - value: - type: string required: - name - - value type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customRootPath: + type: string + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object windowsOptions: properties: gmsaCredentialSpec: @@ -1107,28 +1765,6 @@ spec: type: string type: object type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic volumeMounts: items: properties: @@ -1153,4731 +1789,1162 @@ spec: - name - mountPath x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: + type: object + type: object + createRbac: + type: boolean + customConfigurations: + additionalProperties: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - fsType: + key: type: string - partition: + mode: format: int32 type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array path: type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean + - key + - path type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - logLevel: + type: object + type: object + disabled: + type: boolean + env: + items: + properties: + name: type: string - readinessProbe: + value: + type: string + valueFrom: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: + configMapKeyRef: properties: - port: - format: int32 - type: integer - service: + key: + type: string + name: type: string + optional: + type: boolean required: - - port + - key type: object - httpGet: + fieldRef: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + apiVersion: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + fieldPath: type: string required: - - port + - fieldPath type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + resourceFieldRef: properties: - host: + containerName: type: string - port: + divisor: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + resource: + type: string required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + - resource type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: + secretKeyRef: properties: - level: - type: string - role: - type: string - type: + key: type: string - user: + name: type: string + optional: + type: boolean + required: + - key type: object - seccompProfile: + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + extraChecksd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - localhostProfile: + key: type: string - type: + mode: + format: int32 + type: integer + path: type: string required: - - type + - key + - path type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: + key: type: string - hostProcess: - type: boolean - runAsUserName: + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: + type: array + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: properties: - fsType: + key: type: string - lun: + mode: format: int32 type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array + path: + type: string + required: + - key + - path type: object - flexVolume: + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: + fieldRef: properties: - name: + apiVersion: + type: string + fieldPath: type: string + required: + - fieldPath type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: + mode: format: int32 type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: path: type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + resourceFieldRef: properties: - name: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string required: - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - serviceAccountToken: + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 + mode: + format: int32 type: integer path: type: string required: + - key - path type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: + type: array name: type: string + optional: + type: boolean type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: + downwardAPI: properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array name: type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: + type: array + type: object + quobyte: properties: - fileKey: + group: type: string - name: + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: type: string + required: + - registry + - volume type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: properties: - configData: + fsType: type: string - configMap: + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: properties: - fileKey: - type: string name: type: string type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: properties: - configData: + fsType: type: string - configMap: + readOnly: + type: boolean + secretRef: properties: - fileKey: - type: string name: type: string type: object + volumeName: + type: string + volumeNamespace: + type: string type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: + vsphereVolume: properties: - containers: - type: boolean + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath type: object + required: + - name type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + type: object + status: + properties: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: type: string - site: + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate type: object - status: + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - defaultOverride: - type: object - x-kubernetes-preserve-unknown-fields: true + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer type: object - type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - - additionalPrinterColumns: - - JSONPath: .status.agent.status - name: agent - type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent - type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer type: object - spec: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: properties: features: properties: @@ -5977,6 +3044,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6100,6 +3179,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -6526,6 +3610,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -6689,6 +3777,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7444,6 +4544,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7841,6 +4953,24 @@ spec: type: object serviceAccountName: type: string + strategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object tolerations: items: properties: @@ -8073,12 +5203,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8820,6 +5964,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8943,6 +6099,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -9397,6 +6558,10 @@ spec: type: object type: object type: object + type: object + version: v2alpha1 + versions: + - name: v2alpha1 served: true storage: true status: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml index af440ca92..614eea1e6 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogmetrics.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -44,10 +42,19 @@ spec: description: DatadogMetric allows autoscaling on arbitrary Datadog query properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -58,7 +65,9 @@ spec: description: ExternalMetricName is reserved for internal use type: string maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) + description: |- + MaxAge provides the max age for the metric query (overrides the default setting + `external_metrics_provider.max_age`) type: string query: description: Query is the raw datadog query @@ -117,10 +126,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index d16cabbb1..10e050b87 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogmonitors.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -48,10 +46,19 @@ spec: description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -81,7 +88,10 @@ spec: description: A message to include with a re-notification. type: string evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. + description: |- + Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), + the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. + This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer groupbySimpleMonitor: @@ -91,14 +101,19 @@ spec: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean locked: - description: Whether or not the monitor is locked (only editable by creator and admins). + description: 'DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead.' type: boolean newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. + description: |- + Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of + monitor results. Should be a non negative integer. format: int64 type: integer noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. + description: |- + The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the + monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe + is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer notificationPresetName: @@ -108,7 +123,12 @@ spec: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean notifyBy: - description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + description: |- + A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. + For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new + cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must + be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot + notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. items: type: string type: array @@ -116,18 +136,33 @@ spec: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean onMissingData: - description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + description: |- + An enum that controls how groups or monitors are treated if an evaluation does not return data points. + The default option results in different behavior depending on the monitor query type. + For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. + For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. + This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors type: string renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. + description: |- + The number of minutes after the last notification before a monitor re-notifies on the current status. + It only re-notifies if it’s not resolved. format: int64 type: integer renotifyOccurrences: description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. format: int64 type: integer + renotifyStatuses: + description: The types of statuses for which re-notification messages should be sent. Valid values are alert, warn, no data. + items: + description: MonitorRenotifyStatusType The different statuses for which renotification is supported. + type: string + type: array requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. + description: |- + A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly + recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean thresholdWindows: description: A struct of the alerting time window options. @@ -174,7 +209,10 @@ spec: description: Query is the Datadog monitor query type: string restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). + description: |- + RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. + `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, + see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). items: type: string type: array @@ -233,7 +271,9 @@ spec: description: Creator is the identify of the monitor creator type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update + description: |- + CurrentHash tracks the hash of the current DatadogMonitorSpec to know + if the Spec has changed and needs an update type: string downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed @@ -262,7 +302,9 @@ spec: format: date-time type: string primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) + description: |- + Primary defines whether the monitor is managed by the Kubernetes custom + resource (true) or outside Kubernetes (false) type: boolean syncStatus: description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog @@ -270,7 +312,9 @@ spec: triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data + description: |- + DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor + The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data properties: lastTransitionTime: format: date-time @@ -294,10 +338,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml index d95be534c..0cb8c68bd 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogSLOs (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogslos.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -40,10 +38,19 @@ spec: description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,10 +64,15 @@ spec: type: boolean type: object description: - description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + description: |- + Description is a user-defined description of the service level objective. + Always included in service level objective responses (but may be null). Optional in create/update requests. type: string groups: - description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + description: |- + Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. + Included in service level objective responses if it is not empty. + Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. items: type: string type: array @@ -76,7 +88,9 @@ spec: description: Name is the name of the service level objective. type: string query: - description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + description: |- + Query is the query for a metric-based SLO. Required if type is metric. + Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. properties: denominator: description: Denominator is a Datadog metric query for total (valid) events. @@ -89,7 +103,10 @@ spec: - numerator type: object tags: - description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + description: |- + Tags is a list of tags to associate with your service level objective. + This can help you categorize and filter service level objectives in the service level objectives page of the UI. + Note: it's not currently possible to filter by these tags when querying via the API. items: type: string type: array @@ -126,23 +143,52 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -155,7 +201,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -178,7 +229,9 @@ spec: description: Creator is the identity of the SLO creator. type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + description: |- + CurrentHash tracks the hash of the current DatadogSLOSpec to know + if the Spec has changed and needs an update. type: string id: description: ID is the SLO ID generated in Datadog. @@ -196,10 +249,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml index b8c23d948..90d531817 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml @@ -126,7 +126,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index 78565a243..d6c88cc67 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -53,14 +53,9 @@ download_crd() { } mkdir -p "$ROOT/crds" -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 773a93f1b..5f9ea8e3d 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -16,15 +16,6 @@ crds: # crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD datadogPodAutoscalers: false -migration: - datadogAgents: - conversionWebhook: - enabled: false - name: datadog-operator-webhook-service - namespace: default - useCertManager: false - version: "v2alpha1" - # nameOverride -- Override name of app nameOverride: "" diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index 4ce95b8dc..9aab15bdd 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagentprofiles.datadoghq.com spec: group: datadoghq.com @@ -34,10 +32,19 @@ spec: description: DatadogAgentProfile is the Schema for the datadogagentprofiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -52,9 +59,147 @@ spec: containers: additionalProperties: properties: + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/guide/environment-variables/ + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map resources: - description: ResourceRequirements describes the compute resource requirements. + description: |- + Specify the Request and Limits of the pods. + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -62,7 +207,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -71,14 +218,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object - description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' + description: |- + Configure the basic configurations for an Agent container + Valid Agent container names are: `agent` + type: object + labels: + additionalProperties: + type: string + description: Labels provide labels that are added to the Datadog Agent pods. type: object priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. type: string type: object type: object @@ -87,16 +251,25 @@ spec: properties: profileNodeAffinity: items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -116,23 +289,52 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -145,7 +347,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -176,9 +383,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index 580498cb1..d3c0cf280 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com spec: group: datadoghq.com @@ -18,5827 +16,6 @@ spec: singular: datadogagent scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.agent.status name: agent @@ -5890,6 +67,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -5917,6 +95,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -5926,6 +105,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -5941,6 +121,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -5952,6 +133,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -5962,6 +144,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6012,6 +206,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -6035,6 +230,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -6085,6 +281,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -6116,6 +317,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6272,6 +481,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -6511,6 +738,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -6660,6 +891,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -6674,6 +906,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6711,6 +955,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6720,6 +965,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6735,6 +981,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -6746,6 +993,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object hostCAPath: type: string @@ -6761,6 +1009,10 @@ spec: type: object logLevel: type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object namespaceLabelsAsTags: additionalProperties: type: string @@ -6793,6 +1045,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: @@ -6870,6 +1123,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -6916,10 +1170,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -6951,6 +1207,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -6974,6 +1231,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7017,6 +1275,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7040,6 +1299,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7081,6 +1341,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7104,6 +1365,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7147,6 +1409,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7170,6 +1433,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7221,6 +1485,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7230,6 +1495,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7245,6 +1511,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7256,6 +1523,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7429,6 +1697,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7600,6 +1880,28 @@ spec: type: object disabled: type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string env: items: properties: @@ -7620,6 +1922,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7629,6 +1932,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7644,6 +1948,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7655,6 +1960,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7741,6 +2047,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -7843,6 +2150,24 @@ spec: type: object type: array x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object volumes: items: properties: @@ -7907,6 +2232,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -7923,6 +2249,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -7953,6 +2280,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -7964,6 +2292,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -7990,6 +2319,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8010,6 +2340,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8050,6 +2381,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8058,12 +2390,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8104,6 +2450,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: @@ -8150,6 +2497,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -8234,6 +2582,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -8314,6 +2663,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -8328,6 +2678,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8348,6 +2699,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8375,6 +2727,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -8429,6 +2782,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8450,6 +2804,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -8501,6 +2856,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -8733,6 +3089,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -8760,6 +3117,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -8769,6 +3127,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -8784,6 +3143,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -8795,6 +3155,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -8805,6 +3166,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8855,6 +3228,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -8878,6 +3252,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -8928,6 +3303,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -8959,6 +3339,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -9115,6 +3503,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -9354,6 +3760,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -9386,9 +3796,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogmetrics.yaml b/crds/datadoghq.com_datadogmetrics.yaml index 8510d1b0b..7a886335f 100644 --- a/crds/datadoghq.com_datadogmetrics.yaml +++ b/crds/datadoghq.com_datadogmetrics.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogmetrics.datadoghq.com spec: group: datadoghq.com @@ -38,10 +36,19 @@ spec: description: DatadogMetric allows autoscaling on arbitrary Datadog query properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -52,7 +59,9 @@ spec: description: ExternalMetricName is reserved for internal use type: string maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) + description: |- + MaxAge provides the max age for the metric query (overrides the default setting + `external_metrics_provider.max_age`) type: string query: description: Query is the raw datadog query @@ -111,9 +120,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 17a70b2e1..9245116e6 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogmonitors.datadoghq.com spec: group: datadoghq.com @@ -42,10 +40,19 @@ spec: description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -75,7 +82,10 @@ spec: description: A message to include with a re-notification. type: string evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. + description: |- + Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), + the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. + This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer groupbySimpleMonitor: @@ -85,14 +95,19 @@ spec: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean locked: - description: Whether or not the monitor is locked (only editable by creator and admins). + description: 'DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead.' type: boolean newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. + description: |- + Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of + monitor results. Should be a non negative integer. format: int64 type: integer noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. + description: |- + The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the + monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe + is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer notificationPresetName: @@ -102,7 +117,12 @@ spec: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean notifyBy: - description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + description: |- + A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. + For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new + cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must + be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot + notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. items: type: string type: array @@ -110,18 +130,33 @@ spec: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean onMissingData: - description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + description: |- + An enum that controls how groups or monitors are treated if an evaluation does not return data points. + The default option results in different behavior depending on the monitor query type. + For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. + For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. + This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors type: string renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. + description: |- + The number of minutes after the last notification before a monitor re-notifies on the current status. + It only re-notifies if it’s not resolved. format: int64 type: integer renotifyOccurrences: description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. format: int64 type: integer + renotifyStatuses: + description: The types of statuses for which re-notification messages should be sent. Valid values are alert, warn, no data. + items: + description: MonitorRenotifyStatusType The different statuses for which renotification is supported. + type: string + type: array requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. + description: |- + A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly + recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean thresholdWindows: description: A struct of the alerting time window options. @@ -168,7 +203,10 @@ spec: description: Query is the Datadog monitor query type: string restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). + description: |- + RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. + `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, + see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). items: type: string type: array @@ -227,7 +265,9 @@ spec: description: Creator is the identify of the monitor creator type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update + description: |- + CurrentHash tracks the hash of the current DatadogMonitorSpec to know + if the Spec has changed and needs an update type: string downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed @@ -256,7 +296,9 @@ spec: format: date-time type: string primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) + description: |- + Primary defines whether the monitor is managed by the Kubernetes custom + resource (true) or outside Kubernetes (false) type: boolean syncStatus: description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog @@ -264,7 +306,9 @@ spec: triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data + description: |- + DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor + The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data properties: lastTransitionTime: format: date-time @@ -288,9 +332,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml index 1007b3abc..fc1a26779 100644 --- a/crds/datadoghq.com_datadogpodautoscalers.yaml +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -324,9 +324,6 @@ spec: - kind - name type: object - x-kubernetes-validations: - - message: Modifying the targetRef is not allowed. Please delete and re-create the DatadogPodAutoscaler object. - rule: self == oldSelf targets: description: |- Targets are objectives to reach and maintain for the target resource. diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml index 404c7c94b..3098d729c 100644 --- a/crds/datadoghq.com_datadogslos.yaml +++ b/crds/datadoghq.com_datadogslos.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogslos.datadoghq.com spec: group: datadoghq.com @@ -34,10 +32,19 @@ spec: description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -51,10 +58,15 @@ spec: type: boolean type: object description: - description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + description: |- + Description is a user-defined description of the service level objective. + Always included in service level objective responses (but may be null). Optional in create/update requests. type: string groups: - description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + description: |- + Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. + Included in service level objective responses if it is not empty. + Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. items: type: string type: array @@ -70,7 +82,9 @@ spec: description: Name is the name of the service level objective. type: string query: - description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + description: |- + Query is the query for a metric-based SLO. Required if type is metric. + Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. properties: denominator: description: Denominator is a Datadog metric query for total (valid) events. @@ -83,7 +97,10 @@ spec: - numerator type: object tags: - description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + description: |- + Tags is a list of tags to associate with your service level objective. + This can help you categorize and filter service level objectives in the service level objectives page of the UI. + Note: it's not currently possible to filter by these tags when querying via the API. items: type: string type: array @@ -120,23 +137,52 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -149,7 +195,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -172,7 +223,9 @@ spec: description: Creator is the identity of the SLO creator. type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + description: |- + CurrentHash tracks the hash of the current DatadogSLOSpec to know + if the Spec has changed and needs an update. type: string id: description: ID is the SLO ID generated in Datadog. @@ -190,9 +243,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] From 58ac6c3b1e618251d77afbed6b24d0112c3b38a1 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Mon, 19 Aug 2024 11:53:32 -0400 Subject: [PATCH 104/209] [datadog-operator] update operator version to 1.8.0 (#1494) * [datadog-operator] update operator version to 1.8.0 * fix tag in template helper * Cleanup operator readme * Update RBAC --- charts/datadog-operator/CHANGELOG.md | 5 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 191 +- charts/datadog-operator/README.md.gotmpl | 182 +- charts/datadog-operator/templates/NOTES.txt | 19 - .../datadog-operator/templates/_helpers.tpl | 2 +- .../templates/certificate_conversion.yaml | 26 - .../templates/clusterrole.yaml | 125 +- .../templates/deployment.yaml | 19 - .../templates/webhook-service.yaml | 14 - charts/datadog-operator/values.yaml | 12 +- .../baseline/DatadogAgent_CRD_default.yaml | 6067 +---------- .../DatadogAgent_CRD_with_certManager.yaml | 9410 ----------------- .../baseline/Operator_Deployment_default.yaml | 6 +- .../Operator_Deployment_with_certManager.yaml | 85 - test/datadog-operator/baseline_test.go | 33 - .../operator_deployment_test.go | 85 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 14 +- ...loyment_default_advanced_AC_injection.yaml | 14 +- ...ployment_default_minimal_AC_injection.yaml | 16 +- test/datadog/baseline/daemonset_default.yaml | 32 +- test/datadog/baseline/other_default.yaml | 120 +- test/datadog/dca_AC_sidecar_test.go | 3 +- 25 files changed, 454 insertions(+), 16050 deletions(-) delete mode 100644 charts/datadog-operator/templates/certificate_conversion.yaml delete mode 100644 charts/datadog-operator/templates/webhook-service.yaml delete mode 100644 test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml delete mode 100644 test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 76904d65a..be965afab 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 2.0.0 + +* Update Datadog Operator version to 1.8.0. +* Drop support for DatadogAgent `v1alpha1` and conversion webhook. + ## 1.8.5 * Update `datadog-crds` dependency to `1.7.2`. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index d1816c469..6fd0a13b2 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.7.2 -digest: sha256:256e0d475f434d840d83c6ef94a7290ad1e8d74c76c1f1058e6cd4f919435872 -generated: "2024-08-02T09:24:41.011919+02:00" + version: 2.0.0 +digest: sha256:39f4d700e87701398d61344f3f816586017a20396c07a4953a60da9c46edc74b +generated: "2024-08-16T15:47:01.022149-04:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index a68caf648..a159fd44e 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.8.6 -appVersion: 1.7.0 +version: 2.0.0 +appVersion: 1.8.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.7.2" + version: "=2.0.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index ba4ade3c5..e0f076e0e 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.8.6](https://img.shields.io/badge/Version-1.8.6-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## Values @@ -21,11 +21,6 @@ | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | | datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | -| datadogCRDs.migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | -| datadogCRDs.migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | -| datadogCRDs.migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | -| datadogCRDs.migration.datadogAgents.useCertManager | bool | `false` | | -| datadogCRDs.migration.datadogAgents.version | string | `"v2alpha1"` | | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | @@ -35,7 +30,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.7.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.8.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | @@ -80,184 +75,4 @@ To watch all namespaces, the following configuration needs to be used: ```yaml watchNamespaces: - "" -``` - -## Migrating to the version 1.0 of the Datadog Operator - -### Disclaimer - -As part of the General Availability release of the Datadog Operator, we are offering a migration path for our early adopters to migrate to the GA version of the custom resource, `v2alpha1/DatadogAgent`. - -The Datadog Operator v1.X reconciles the version `v2alpha1` of the DatadogAgent custom resource, while the v0.X reconciles `v1alpha1`. - -### Requirements - -If you are using the v1alpha1 with a v0.X version of the Datadog Operator and would like to upgrade, you will need to use the Conversion Webhook feature. - -Start by ensuring that you have the minimum required version of the chart and it's dependencies: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-crds 0.6.1 1 Datadog Kubernetes CRDs chart -``` - -and for the Datadog Operator chart: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.1.0 1.1.0 Datadog Operator -``` - -Then you will need to install the cert manager if you don't have it already, add the chart: -``` -helm repo add jetstack https://charts.jetstack.io -``` -and then install it: -``` - helm install \ - cert-manager jetstack/cert-manager \ - --version v1.11.0 \ - --set installCRDs=true -``` - -### Migration - -You can update with the following: - -``` -helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=1.7.0 \ - --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=true \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true -``` - -### Notes - -Starting at the version 1.0.0 of the datadog-operator chart, the fields `image.tag` has a default values of `1.0.0` and `datadogCRDs.migration.datadogAgents.version` is `v2alpha1`. - -We set them in the command here to illustrate the migration of going from a Datadog Operator version < 1.0.0 with a stored version of `v1alpha1` to the GA version of `1.0.0` with a stored version of `v2alpha1`. - -### Implementation details - -This will create a self-signed `Certificate` (using an `Issuer`) that will be used by the Certificate Manager to mutate the DatadogAgent CRD to document the `caBundle` that the API Server will use to contact the Conversion Webhook. - -The Datadog Operator will be running the new reconciler for `v2alpha1` object and will also start a Conversion Webhook Server, exposed on port 9443. This server is the one the API Server will be using to convert v1alpha1 DatadogAgent into v2alpha1. - -### Lifecycle - -The conversionWebhook is not supposed to be an ever running process, we recommend using it to migrate your objects as a transition. - -Once converted, you can store the new version of your DatadogAgent, deactivate the conversion and simply deploy v2alpha1 objects. - -### Roadmap - -Upon releasing the v2 version of the DatadogAgent object, we will remove v1alpha1 from the CRD as part of a major update of the charts (datadog-crds and datadog-operator). - -### Troubleshooting - -* I don't see v2alpha1 version of the DatadogAgent resource - -The v1alpha1 and the v2alpha1 are `served` so you might need to specify which version you want to see: - -``` -kubectl get datadogagents.v2alpha1.datadoghq.com datadog-agent -``` - -* The Conversion is not working - -The logs of the Datadog Operator pod should show that the conversion webhook is enabled, the server is running, the certificates are watched. - -``` -kubectl logs datadog-operator-XXX-YYY -[...] -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"datadoghq.com/v2alpha1, Kind=DatadogAgent"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"setup","msg":"starting manager"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":9443} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"0.0.0.0:8383"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","kind":"health probe","addr":"0.0.0.0:8081"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"} -[...] -``` - -* Check the service registered for the conversion for a registered Endpoint - -``` -kubectl describe service datadog-operator-webhook-service -[...] -Name: datadog-operator-webhook-service -Namespace: default -[...] -Selector: app.kubernetes.io/instance=datadog-operator,app.kubernetes.io/name=datadog-operator -[...] -Port: 443/TCP -TargetPort: 9443/TCP -Endpoints: 10.88.3.28:9443 -``` - -* Verify the registered service for the conversion webhook - -``` -kubectl describe crd datadogagents.datadoghq.com -[...] - Conversion: - Strategy: Webhook - Webhook: - Client Config: - Ca Bundle: LS0t[...]UtLS0tLQo= - Service: - Name: datadog-operator-webhook-service - Namespace: default - Path: /convert - Port: 443 - Conversion Review Versions: - v1 -``` - -* The CRD does not have the `caBundle` - -Make sure that the CRD has the correct annotation: `cert-manager.io/inject-ca-from: default/datadog-operator-serving-cert` and check the logs of the `cert-manager-cainjector` pod. - -If you do not see anything standing out, setting the log level to 5 (debug) might help: - -``` -kubectl edit deploy cert-manager-cainjector -n cert-manager -[...] - spec: - containers: - - args: - - --v=5 -[...] -``` - -You should see logs such as: - -``` -[...] -I0217 08:11:15.582479 1 controller.go:178] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="updated object" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -I0217 08:25:24.989209 1 sources.go:98] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="Extracting CA from Certificate resource" "certificate"="default/datadog-operator-serving-cert" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -[...] -``` -### Rollback - -If you migrated to the new version of the Datadog Operator using v2alpha1 but want to rollback to the former version, we recommend: -- Scaling the Datadog Operator deployment to 0 replicas. - ``` - kubectl scale deploy datadog-operator --replicas=0 - ``` -- Upgrading the chart to have v1alpha1 stored and for the Datadog Operator to use the 0.8.X image. - ``` - helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=0.8.4 \ - --set datadogCRDs.migration.datadogAgents.version=v1alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=false \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=false - ``` -- Redeploy the previous DatadogAgent v1alpha1 object. - -Note: The Daemonset of the Datadog Agents will be rolled out in the process. +``` \ No newline at end of file diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index 6ef8c4c9c..c860465b9 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -21,184 +21,4 @@ To watch all namespaces, the following configuration needs to be used: ```yaml watchNamespaces: - "" -``` - -## Migrating to the version 1.0 of the Datadog Operator - -### Disclaimer - -As part of the General Availability release of the Datadog Operator, we are offering a migration path for our early adopters to migrate to the GA version of the custom resource, `v2alpha1/DatadogAgent`. - -The Datadog Operator v1.X reconciles the version `v2alpha1` of the DatadogAgent custom resource, while the v0.X reconciles `v1alpha1`. - -### Requirements - -If you are using the v1alpha1 with a v0.X version of the Datadog Operator and would like to upgrade, you will need to use the Conversion Webhook feature. - -Start by ensuring that you have the minimum required version of the chart and it's dependencies: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-crds 0.6.1 1 Datadog Kubernetes CRDs chart -``` - -and for the Datadog Operator chart: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.1.0 1.1.0 Datadog Operator -``` - -Then you will need to install the cert manager if you don't have it already, add the chart: -``` -helm repo add jetstack https://charts.jetstack.io -``` -and then install it: -``` - helm install \ - cert-manager jetstack/cert-manager \ - --version v1.11.0 \ - --set installCRDs=true -``` - -### Migration - -You can update with the following: - -``` -helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=1.7.0 \ - --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=true \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true -``` - -### Notes - -Starting at the version 1.0.0 of the datadog-operator chart, the fields `image.tag` has a default values of `1.0.0` and `datadogCRDs.migration.datadogAgents.version` is `v2alpha1`. - -We set them in the command here to illustrate the migration of going from a Datadog Operator version < 1.0.0 with a stored version of `v1alpha1` to the GA version of `1.0.0` with a stored version of `v2alpha1`. - -### Implementation details - -This will create a self-signed `Certificate` (using an `Issuer`) that will be used by the Certificate Manager to mutate the DatadogAgent CRD to document the `caBundle` that the API Server will use to contact the Conversion Webhook. - -The Datadog Operator will be running the new reconciler for `v2alpha1` object and will also start a Conversion Webhook Server, exposed on port 9443. This server is the one the API Server will be using to convert v1alpha1 DatadogAgent into v2alpha1. - -### Lifecycle - -The conversionWebhook is not supposed to be an ever running process, we recommend using it to migrate your objects as a transition. - -Once converted, you can store the new version of your DatadogAgent, deactivate the conversion and simply deploy v2alpha1 objects. - -### Roadmap - -Upon releasing the v2 version of the DatadogAgent object, we will remove v1alpha1 from the CRD as part of a major update of the charts (datadog-crds and datadog-operator). - -### Troubleshooting - -* I don't see v2alpha1 version of the DatadogAgent resource - -The v1alpha1 and the v2alpha1 are `served` so you might need to specify which version you want to see: - -``` -kubectl get datadogagents.v2alpha1.datadoghq.com datadog-agent -``` - -* The Conversion is not working - -The logs of the Datadog Operator pod should show that the conversion webhook is enabled, the server is running, the certificates are watched. - -``` -kubectl logs datadog-operator-XXX-YYY -[...] -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"datadoghq.com/v2alpha1, Kind=DatadogAgent"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"setup","msg":"starting manager"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":9443} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"0.0.0.0:8383"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","kind":"health probe","addr":"0.0.0.0:8081"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"} -[...] -``` - -* Check the service registered for the conversion for a registered Endpoint - -``` -kubectl describe service datadog-operator-webhook-service -[...] -Name: datadog-operator-webhook-service -Namespace: default -[...] -Selector: app.kubernetes.io/instance=datadog-operator,app.kubernetes.io/name=datadog-operator -[...] -Port: 443/TCP -TargetPort: 9443/TCP -Endpoints: 10.88.3.28:9443 -``` - -* Verify the registered service for the conversion webhook - -``` -kubectl describe crd datadogagents.datadoghq.com -[...] - Conversion: - Strategy: Webhook - Webhook: - Client Config: - Ca Bundle: LS0t[...]UtLS0tLQo= - Service: - Name: datadog-operator-webhook-service - Namespace: default - Path: /convert - Port: 443 - Conversion Review Versions: - v1 -``` - -* The CRD does not have the `caBundle` - -Make sure that the CRD has the correct annotation: `cert-manager.io/inject-ca-from: default/datadog-operator-serving-cert` and check the logs of the `cert-manager-cainjector` pod. - -If you do not see anything standing out, setting the log level to 5 (debug) might help: - -``` -kubectl edit deploy cert-manager-cainjector -n cert-manager -[...] - spec: - containers: - - args: - - --v=5 -[...] -``` - -You should see logs such as: - -``` -[...] -I0217 08:11:15.582479 1 controller.go:178] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="updated object" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -I0217 08:25:24.989209 1 sources.go:98] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="Extracting CA from Certificate resource" "certificate"="default/datadog-operator-serving-cert" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -[...] -``` -### Rollback - -If you migrated to the new version of the Datadog Operator using v2alpha1 but want to rollback to the former version, we recommend: -- Scaling the Datadog Operator deployment to 0 replicas. - ``` - kubectl scale deploy datadog-operator --replicas=0 - ``` -- Upgrading the chart to have v1alpha1 stored and for the Datadog Operator to use the 0.8.X image. - ``` - helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=0.8.4 \ - --set datadogCRDs.migration.datadogAgents.version=v1alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=false \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=false - ``` -- Redeploy the previous DatadogAgent v1alpha1 object. - -Note: The Daemonset of the Datadog Agents will be rolled out in the process. +``` \ No newline at end of file diff --git a/charts/datadog-operator/templates/NOTES.txt b/charts/datadog-operator/templates/NOTES.txt index 62d6d657f..2c9b4ba69 100644 --- a/charts/datadog-operator/templates/NOTES.txt +++ b/charts/datadog-operator/templates/NOTES.txt @@ -41,22 +41,3 @@ The maximumGoroutines parameter isn't supported by the Operator 1.0.0-rc.12 and Setting a value will not change the default defined in the Operator. {{- end }} {{- end }} - -{{- if (semverCompare ">=1.0.0" $version) }} - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} -############################################################################## -#### WARNING: v1alpha1 and conversion webhook deprecation. #### -############################################################################## - -DatadogAgent v1alpha1 reconciliation in the Operator is deprecated since v1.2.0+ and will be removed in v1.7.0. -Once removed, the Datadog Operator cannot be configured to reconcile the v1alpha1 DatadogAgent CRD. -However, you will still be able to apply a v1alpha1 manifest with the conversion webhook enabled (using `datadogCRDs.migration.datadogAgents.conversionWebhook.enabled`). -DatadogAgent v1alpha1 and the conversion webhook will be removed in v1.8.0. -See the migration page for instructions on migrating to v2alpha1: https://docs.datadoghq.com/containers/guide/datadogoperator_migration/ - {{- end }} -{{- end }} - - -{{- if not (and (semverCompare ">=1.0.0-0" $version) (eq .Values.datadogCRDs.migration.datadogAgents.version "v2alpha1")) }} -{{- fail "The Datadog Operator `1.0.0` reconciles `DatadogAgent` versions `v2alpha1`. Using an old version of the Datadog Operator (< 1.0.0) with the new version of the DatadogAgent Customer Resource, or the Datadog Operator `1.X` with the `v1alpha1` as stored version of the DatadogAgent is not supported. If you are using a DatadogAgent `v1alpha1`, refer to the Migration Steps: https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/README.md#migrating-to-the-version-10-of-the-datadog-operator."}} -{{- end }} diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index c5a5d370a..6625f0cd3 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.7.0" }} +{{ "1.8.0" }} {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/datadog-operator/templates/certificate_conversion.yaml b/charts/datadog-operator/templates/certificate_conversion.yaml deleted file mode 100644 index e3d104d3d..000000000 --- a/charts/datadog-operator/templates/certificate_conversion.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. -{{- if and .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled .Values.datadogCRDs.migration.datadogAgents.useCertManager }} -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ .Release.Name }}-selfsigned-issuer - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Release.Name }}-serving-cert - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc - - {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc.cluster.local - issuerRef: - kind: Issuer - name: {{ .Release.Name }}-selfsigned-issuer - secretName: {{ .Release.Name }}-webhook-server-cert -{{- end }} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index f4b212891..7dc6b54bb 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -8,6 +8,9 @@ metadata: rules: - nonResourceURLs: - /metrics + verbs: + - get +- nonResourceURLs: - /metrics/slis verbs: - get @@ -186,6 +189,13 @@ rules: - patch - update - watch +- apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - update - apiGroups: - admissionregistration.k8s.io resources: @@ -199,12 +209,21 @@ rules: verbs: - list - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch - apiGroups: - apiregistration.k8s.io resources: - apiservices verbs: - '*' + - list + - watch - apiGroups: - apps resources: @@ -293,6 +312,12 @@ rules: - patch - update - watch +- apiGroups: + - authorization.k8s.io + resources: + - pods/exec + verbs: + - create - apiGroups: - authorization.k8s.io resources: @@ -331,14 +356,6 @@ rules: verbs: - list - watch -- apiGroups: - - apiextensions.k8s.io - - extensions - resources: - - customresourcedefinitions - verbs: - - list - - watch - apiGroups: - autoscaling.k8s.io resources: @@ -475,13 +492,19 @@ rules: - apiGroups: - datadoghq.com resources: - - extendeddaemonsetreplicasets + - datadogpodautoscalers verbs: - - get + - '*' - apiGroups: - datadoghq.com resources: - - extendeddaemonsets + - datadogpodautoscalers/status + verbs: + - '*' +- apiGroups: + - datadoghq.com + resources: + - datadogslos verbs: - create - delete @@ -493,43 +516,56 @@ rules: - apiGroups: - datadoghq.com resources: - - watermarkpodautoscalers + - datadogslos/finalizers verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - - datadoghq.com + - datadoghq.com resources: - - datadogslos + - datadogslos/status verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - get + - patch + - update - apiGroups: - - datadoghq.com + - datadoghq.com resources: - - datadogslos/finalizers + - extendeddaemonsetreplicasets verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - get - apiGroups: - - datadoghq.com + - datadoghq.com resources: - - datadogslos/status + - extendeddaemonsets verbs: - - get - - patch - - update + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - watermarkpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - customresourcedefinitions + verbs: + - list + - watch - apiGroups: - external.metrics.k8s.io resources: @@ -696,12 +732,6 @@ rules: verbs: - list - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create {{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" @@ -724,16 +754,23 @@ rules: - apiGroups: - datadoghq.com resources: - - datadogagentprofiles/status + - datadogagentprofiles/finalizers verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - datadoghq.com resources: - - datadogagentprofiles/finalizers + - datadogagentprofiles/status verbs: + - get + - patch - update {{- end }} -{{- end -}} +{{- end }} + diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index f4ee14e9b..333370722 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -107,9 +107,6 @@ spec: - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" - "-operatorMetricsEnabled={{ .Values.operatorMetricsEnabled }}" - {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" $version ) (semverCompare "<1.7.0-0" $version ) }} - - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" - {{- end }} {{- if .Values.secretBackend.command }} - "-secretBackendCommand={{ .Values.secretBackend.command }}" {{- end }} @@ -139,11 +136,6 @@ spec: - name: metrics containerPort: {{ .Values.metricsPort }} protocol: TCP - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - name: webhook - containerPort: 9443 - protocol: TCP - {{- end }} livenessProbe: httpGet: path: /healthz/ @@ -152,11 +144,6 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - {{- end }} {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 10 }} {{- end }} @@ -177,12 +164,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - name: cert - secret: - defaultMode: 420 - secretName: {{ .Release.Name }}-webhook-server-cert - {{- end }} {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 6 }} {{- end }} diff --git a/charts/datadog-operator/templates/webhook-service.yaml b/charts/datadog-operator/templates/webhook-service.yaml deleted file mode 100644 index 0f1975041..000000000 --- a/charts/datadog-operator/templates/webhook-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }} - namespace: {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }} -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/name: {{ include "datadog-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 22b156036..318f78227 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.7.0 + tag: 1.8.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. @@ -143,16 +143,6 @@ datadogCRDs: # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false - # v1alpha1 to v2alpha1 CRD conversion is deprecated in v1.7.0 - migration: - datadogAgents: - conversionWebhook: - enabled: false - name: datadog-operator-webhook-service - namespace: default - useCertManager: false - version: "v2alpha1" - # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} # podLabels -- Allows setting additional labels for for Datadog Operator PODs diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 732097cc9..d241a6bc6 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -4,11 +4,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.7.0' + helm.sh/chart: 'datadogCRDs-2.0.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -23,5827 +22,6 @@ spec: singular: datadogagent scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.agent.status name: agent @@ -5895,6 +73,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -5922,6 +101,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -5931,6 +111,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -5946,6 +127,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -5957,6 +139,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -5967,6 +150,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6017,6 +212,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -6040,6 +236,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -6090,6 +287,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -6121,6 +323,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6277,6 +487,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -6516,6 +744,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -6665,6 +897,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -6679,6 +912,18 @@ spec: type: integer resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6716,6 +961,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6725,6 +971,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6740,6 +987,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -6751,6 +999,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object hostCAPath: type: string @@ -6766,6 +1015,10 @@ spec: type: object logLevel: type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object namespaceLabelsAsTags: additionalProperties: type: string @@ -6798,6 +1051,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: @@ -6875,6 +1129,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -6921,10 +1176,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -6956,6 +1213,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -6979,6 +1237,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7022,6 +1281,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7045,6 +1305,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7086,6 +1347,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7109,6 +1371,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7152,6 +1415,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -7175,6 +1439,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -7226,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7235,6 +1501,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7250,6 +1517,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7261,6 +1529,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7434,6 +1703,18 @@ spec: type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7605,6 +1886,28 @@ spec: type: object disabled: type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string env: items: properties: @@ -7625,6 +1928,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -7634,6 +1938,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -7649,6 +1954,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -7660,6 +1966,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7746,6 +2053,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -7848,6 +2156,24 @@ spec: type: object type: array x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object volumes: items: properties: @@ -7912,6 +2238,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -7928,6 +2255,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -7958,6 +2286,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -7969,6 +2298,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -7995,6 +2325,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8015,6 +2346,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8055,6 +2387,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8063,12 +2396,26 @@ spec: type: string name: type: string + namespace: + type: string required: - kind - name type: object resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8109,6 +2456,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: @@ -8155,6 +2503,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -8239,6 +2588,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -8319,6 +2669,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -8333,6 +2684,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8353,6 +2705,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object @@ -8380,6 +2733,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -8434,6 +2788,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8455,6 +2810,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -8506,6 +2862,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -8738,6 +3095,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array tag: type: string @@ -8765,6 +3123,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -8774,6 +3133,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -8789,6 +3149,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -8800,6 +3161,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -8810,6 +3172,18 @@ spec: x-kubernetes-list-type: map resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8860,6 +3234,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic objectSelector: properties: matchExpressions: @@ -8883,6 +3258,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array x-kubernetes-list-type: atomic @@ -8933,6 +3309,11 @@ spec: type: string type: array x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object libVersions: additionalProperties: type: string @@ -8964,6 +3345,14 @@ spec: type: boolean type: object type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -9120,6 +3509,24 @@ spec: properties: collectKubernetesEvents: type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object externalMetricsServer: properties: @@ -9359,6 +3766,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -9390,10 +3801,4 @@ spec: served: true storage: true subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file + status: {} \ No newline at end of file diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml deleted file mode 100644 index ac7e5a511..000000000 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ /dev/null @@ -1,9410 +0,0 @@ ---- -# Source: datadog-operator/charts/datadogCRDs/templates/datadoghq.com_datadogagents_v1.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - cert-manager.io/inject-ca-from: datadog-agent/datadog-operator-serving-cert - creationTimestamp: null - name: datadogagents.datadoghq.com - labels: - helm.sh/chart: 'datadogCRDs-1.7.0' - app.kubernetes.io/managed-by: 'Helm' - app.kubernetes.io/name: 'datadogCRDs' - app.kubernetes.io/instance: 'datadog-operator' -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: default - name: datadog-operator-webhook-service - path: /convert - conversionReviewVersions: - - v1 - group: datadoghq.com - names: - kind: DatadogAgent - listKind: DatadogAgentList - plural: datadogagents - shortNames: - - dd - singular: datadogagent - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - agentSidecarInjection: - properties: - clusterAgentCommunicationEnabled: - type: boolean - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - profiles: - items: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - type: object - type: array - x-kubernetes-list-type: atomic - provider: - type: string - registry: - type: string - selectors: - items: - properties: - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - objectSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - cwsInstrumentation: - properties: - enabled: - type: boolean - mode: - type: string - type: object - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - registry: - type: string - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - instrumentation: - properties: - disabledNamespaces: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - enabledNamespaces: - items: - type: string - type: array - x-kubernetes-list-type: set - libVersions: - additionalProperties: - type: string - type: object - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - asm: - properties: - iast: - properties: - enabled: - type: boolean - type: object - sca: - properties: - enabled: - type: boolean - type: object - threats: - properties: - enabled: - type: boolean - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - helmCheck: - properties: - collectEvents: - type: boolean - enabled: - type: boolean - valuesAsTags: - additionalProperties: - type: string - type: object - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - containerStrategy: - type: string - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - criSocketPath: - type: string - disableNonResourceRules: - type: boolean - dockerSocketPath: - type: string - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - fips: - properties: - customFIPSConfig: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - localAddress: - type: string - port: - format: int32 - type: integer - portRange: - format: int32 - type: integer - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - useHTTPS: - type: boolean - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - originDetectionUnified: - properties: - enabled: - type: boolean - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - seccompConfig: - properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: - type: string - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - replicas: - format: int32 - type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - agentList: - items: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - type: array - x-kubernetes-list-type: atomic - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - remoteConfigConfiguration: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - agentSidecarInjection: - properties: - clusterAgentCommunicationEnabled: - type: boolean - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - profiles: - items: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - type: object - type: array - x-kubernetes-list-type: atomic - provider: - type: string - registry: - type: string - selectors: - items: - properties: - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - objectSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - cwsInstrumentation: - properties: - enabled: - type: boolean - mode: - type: string - type: object - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - registry: - type: string - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - instrumentation: - properties: - disabledNamespaces: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - enabledNamespaces: - items: - type: string - type: array - x-kubernetes-list-type: set - libVersions: - additionalProperties: - type: string - type: object - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - asm: - properties: - iast: - properties: - enabled: - type: boolean - type: object - sca: - properties: - enabled: - type: boolean - type: object - threats: - properties: - enabled: - type: boolean - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - helmCheck: - properties: - collectEvents: - type: boolean - enabled: - type: boolean - valuesAsTags: - additionalProperties: - type: string - type: object - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 053b5291e..c96e6030e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.4 + helm.sh/chart: datadog-operator-2.0.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.7.0" + app.kubernetes.io/version: "1.8.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.7.0" + image: "gcr.io/datadoghq/operator:1.8.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml deleted file mode 100644 index 9e064e9e4..000000000 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ /dev/null @@ -1,85 +0,0 @@ ---- -# Source: datadog-operator/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-operator - namespace: datadog-agent - labels: - app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.8.4 - app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.7.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: datadog-operator - app.kubernetes.io/instance: datadog-operator - template: - metadata: - labels: - app.kubernetes.io/name: datadog-operator - app.kubernetes.io/instance: datadog-operator - annotations: - ad.datadoghq.com/datadog-operator.check_names: '["openmetrics"]' - ad.datadoghq.com/datadog-operator.init_configs: '[{}]' - ad.datadoghq.com/datadog-operator.instances: | - [{ - "prometheus_url": "http://%%host%%:8383/metrics", - "namespace": "datadog.operator", - "metrics": ["*"] - }] - spec: - serviceAccountName: datadog-operator - containers: - - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.7.0" - imagePullPolicy: IfNotPresent - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_TOOL_VERSION - value: helm - args: - - "-supportExtendedDaemonset=false" - - "-logEncoder=json" - - "-metrics-addr=:8383" - - "-loglevel=info" - - "-operatorMetricsEnabled=true" - - "-introspectionEnabled=false" - - "-datadogAgentProfileEnabled=false" - - "-datadogMonitorEnabled=false" - - "-datadogAgentEnabled=true" - - "-datadogSLOEnabled=false" - - "-remoteConfigEnabled=false" - ports: - - name: metrics - containerPort: 8383 - protocol: TCP - - name: webhook - containerPort: 9443 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz/ - port: 8081 - periodSeconds: 10 - resources: - {} - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: datadog-operator-webhook-server-cert \ No newline at end of file diff --git a/test/datadog-operator/baseline_test.go b/test/datadog-operator/baseline_test.go index ef2e4b984..46e863dbd 100644 --- a/test/datadog-operator/baseline_test.go +++ b/test/datadog-operator/baseline_test.go @@ -32,22 +32,6 @@ func Test_baseline_manifests(t *testing.T) { assertions: verifyOperatorDeployment, skipTest: SkipTest, }, - { - name: "Operator Deployment with cert manager enabled", - command: common.HelmCommand{ - ReleaseName: "datadog-operator", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - baselineManifestPath: "./baseline/Operator_Deployment_with_certManager.yaml", - assertions: verifyOperatorDeployment, - skipTest: SkipTest, - }, { name: "DatadogAgent CRD default", command: common.HelmCommand{ @@ -62,23 +46,6 @@ func Test_baseline_manifests(t *testing.T) { assertions: verifyDatadogAgent, skipTest: SkipTest, }, - { - name: "DatadogAgent CRD with cert manager enabled", - command: common.HelmCommand{ - ReleaseName: "datadog-operator", - ChartPath: "../../charts/datadog-operator", - // datadogCRDs is an alias defined in the chart dependency - ShowOnly: []string{"charts/datadogCRDs/templates/datadoghq.com_datadogagents_v1.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - baselineManifestPath: "./baseline/DatadogAgent_CRD_with_certManager.yaml", - assertions: verifyDatadogAgent, - skipTest: SkipTest, - }, } for _, tt := range tests { diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index eb59e42c2..e34685157 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -44,60 +44,6 @@ func Test_operator_chart(t *testing.T) { assertions: verifyDeployment, skipTest: SkipTest, }, - { - name: "Verify Operator 1.0 cert secret name", - command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - assertions: verifyDeploymentCertSecretName, - skipTest: SkipTest, - }, - { - name: "Verify Operator 1.0 conversionWebhook.enabled=true", - command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - assertions: verifyConversionWebhookEnabledTrue, - skipTest: SkipTest, - }, - { - name: "Verify Operator 1.0 conversionWebhook.enabled=false", - command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "false", - }, - }, - assertions: verifyConversionWebhookEnabledFalse, - skipTest: SkipTest, - }, - { - name: "Verify Operator 1.0 conversionWebhook.enabled default", - command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - }, - assertions: verifyConversionWebhookEnabledFalse, - skipTest: SkipTest, - }, { name: "Rendering all does not fail", command: common.HelmCommand{ @@ -131,40 +77,11 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.7.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.8.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") -} - -func verifyDeploymentCertSecretName(t *testing.T, manifest string) { - var deployment appsv1.Deployment - common.Unmarshal(t, manifest, &deployment) - - var mode = int32(420) - assert.Contains(t, deployment.Spec.Template.Spec.Volumes, v1.Volume{ - Name: "cert", - VolumeSource: v1.VolumeSource{ - Secret: &v1.SecretVolumeSource{ - DefaultMode: &mode, - SecretName: "random-string-as-release-name-webhook-server-cert", - }, - }, - }) -} - -func verifyConversionWebhookEnabledTrue(t *testing.T, manifest string) { - var deployment appsv1.Deployment - common.Unmarshal(t, manifest, &deployment) - operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } -func verifyConversionWebhookEnabledFalse(t *testing.T, manifest string) { - var deployment appsv1.Deployment - common.Unmarshal(t, manifest, &deployment) - operatorContainer := deployment.Spec.Template.Spec.Containers[0] - assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") -} - func verifyAll(t *testing.T, manifest string) { assert.True(t, manifest != "") } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index a455a0780..4cf8b1f8e 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: b6f86c2f5bedfdb5004c60faa7201e578be2b0be3818cd517e958f3b76a07ae3 - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/clusteragent_token: 898b7de0d59fe1803c9e99f2010332dae52edfc36ef050f7f77c7ab12b8709c5 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index b8edde200..a7858e1f3 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 459abf22e9c0b7c33f45f92b6e33f2f95b1d7a196953d49defa4dbf5559716db - checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e - checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c + checksum/clusteragent_token: 1e89899244fb44ae50129b361b512027fd59eeec723dc4e43ec8c54084de2f92 + checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf + checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index e46646e69..32656490f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: b30c3fd9a0ddb5efc2ce81df6b5668148dda9e587e2877e60ab5a98176fe1fa5 - checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e - checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c + checksum/clusteragent_token: 7991408bb52fa0f7419e6e11edf9a98b11a769fe9fd4574652c99d896a836f3a + checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf + checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index c17bcad9d..25417c0a1 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 9970ddeb0c78cac061f61440e3235abd3701e14f4e3e4adbd5bd8ccf7b171042 - checksum/clusteragent-configmap: 1870b1d37dffa2a9ff20295dd22d1ce1a0c508d09e47e7143bea43fbf3e6939e - checksum/api_key: 28e63a1c4b64c11f42208b7a22e1a9cac1e2c837cea1ca56788b8b748b370e5c + checksum/clusteragent_token: 1c7f1ed04182e5250ad3cdd92f5e0549d68b792b85514efd1343d473b4b0ed31 + checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf + checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.55.1 + value: 7.55.2 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 964f555c5..4b877c588 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 179d0baafb25372e797d4253ad5e40a628e62ad44086dcb4401a466741784615 - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/clusteragent_token: de542da9e3ea422b2ed413961187c1fe5bd28d1608c78a8bb16a4bc64b508e9b + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -76,9 +76,14 @@ spec: value: "false" - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "false" - name: DD_LOG_LEVEL @@ -117,7 +122,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -197,7 +202,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -303,7 +308,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -341,9 +346,14 @@ spec: name: datadog-cluster-agent key: token - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "false" - name: DD_LOG_LEVEL @@ -395,7 +405,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -408,7 +418,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index f2b1944eb..cdb527639 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.68.0" + chart: "datadog-3.69.3" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.68.0" + chart: "datadog-3.69.3" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "VEw0RnJvVnp3RkJUNXFtcDcwbGgySDNkV2d3VkNGbUs=" + token: "Y2NkeDBJRG50UWdHTlRiUWtIMTNRV2x2Wkk2VVA5VEE=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.68.0 + installer_version: datadog-3.69.3 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "50096d3c-dfdd-4dcd-b22a-b547b24cd97a" - install_time: "1721285287" + install_id: "ea017c66-3746-4347-86ef-32a14ddda1c7" + install_time: "1723838680" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.68.0" + chart: "datadog-3.69.3" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.68.0" + chart: "datadog-3.69.3" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: e14d4eae995370df8bff980ef455f891a9e141e06368fe62958554c779d31766 - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/clusteragent_token: 2eda47b55579b010297762c6bc060f2992f6c3663c187124b71071457e50321d + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -829,7 +829,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -863,9 +863,14 @@ spec: value: "false" - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "false" - name: DD_LOG_LEVEL @@ -905,7 +910,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -985,7 +990,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1091,7 +1096,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1129,9 +1134,14 @@ spec: name: datadog-cluster-agent key: token - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "false" - name: DD_LOG_LEVEL @@ -1183,7 +1193,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1196,7 +1206,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: - bash @@ -1301,7 +1311,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1331,8 +1341,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 6236d64c33330168fac8f433ce53e171946653cfee9bbedc10708f4bffd12237 - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/clusteragent_token: df513ccb46ac6f45f78030ba267aede6b25632a9d5beda28d8d1e3edf07a1601 + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1340,7 +1350,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1352,7 +1362,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1365,7 +1375,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.1" + image: "gcr.io/datadoghq/agent:7.55.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1492,7 +1502,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.68.0' + helm.sh/chart: 'datadog-3.69.3' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1522,15 +1532,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 982e3679f4d216c771b4be67a945049a92c86c024fc7fe3b3715ea293b599ccd - checksum/clusteragent-configmap: da78943b0a2b4039c8db933c5af5009ba72516f8625b14b5815a83e4080f38ac - checksum/install_info: 9a6b3a0afdc7e755915a24989677c6d492582d562fdd38a2270518ae18310357 + checksum/clusteragent_token: 61cab1de9ffa31fa392576b66b69e7fef5e5918ac8257f49fa119b96c0941f34 + checksum/clusteragent-configmap: 7d7437f233eef67301769d5141b59f31f12ac10c0354e17bf5ae9405058ea53b + checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent command: - cp @@ -1543,7 +1553,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.1" + image: "gcr.io/datadoghq/cluster-agent:7.55.2" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go index 52479187a..d2c483956 100644 --- a/test/datadog/dca_AC_sidecar_test.go +++ b/test/datadog/dca_AC_sidecar_test.go @@ -91,7 +91,8 @@ func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { // Default will be set by DCA assert.Empty(t, acConfigEnv[DDSidecarRegistry]) assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) - assert.Equal(t, "7.55.1", acConfigEnv[DDSidecarImageTag]) + // chart default, so commenting out + // assert.Equal(t, "7.55.1", acConfigEnv[DDSidecarImageTag]) assert.Empty(t, acConfigEnv[DDSidecarSelectors]) assert.Empty(t, acConfigEnv[DDSidecarProfiles]) } From 45133edef2be52d90504bea629d74bdabcf5600d Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Wed, 21 Aug 2024 11:45:22 +0200 Subject: [PATCH 105/209] [Synthetics] Private Location: Release 1.50.0 (#1498) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 3c657877d..fca293393 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.1 + +* Update private location image version to `1.50.0`. + ## 0.17.0 * Add `podDisruptionBudget` to allow creating and configuring PodDisruptionBudget for deployment. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 903ae6744..f154d04d8 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.0 -appVersion: 1.49.0 +version: 0.17.1 +appVersion: 1.50.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index f824b1ae2..38d5ff1f1 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square) ![AppVersion: 1.49.0](https://img.shields.io/badge/AppVersion-1.49.0-informational?style=flat-square) +![Version: 0.17.1](https://img.shields.io/badge/Version-0.17.1-informational?style=flat-square) ![AppVersion: 1.50.0](https://img.shields.io/badge/AppVersion-1.50.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.49.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.50.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index dceffe2e3..dfb6d3e35 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.49.0 + tag: 1.50.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 7a2ae9db680f2fc1cfcf9f604d6b43f022541925 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:32:37 -0400 Subject: [PATCH 106/209] Set default agent/cluster agent version to 7.56.0 (#1500) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 24989cd5f..993299200 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.0`. + ## 3.69.3 * Update `datadog-crds` dependency to `1.7.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f189e2844..9edc12d62 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.69.3 +version: 3.70.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cfad6fd18..f54b1288c 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.69.3](https://img.shields.io/badge/Version-3.69.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.0](https://img.shields.io/badge/Version-3.70.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.55.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.56.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.55.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.56.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.55.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.56.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index bfcb12367..39e255ab4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -955,7 +955,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.55.2 + tag: 7.56.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1448,7 +1448,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.55.2 + tag: 7.56.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1954,7 +1954,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.55.2 + tag: 7.56.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From ef09ed21c4224cabfc086c42eeeddc2c852cade6 Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Thu, 22 Aug 2024 12:41:44 -0400 Subject: [PATCH 107/209] Private action runner helm chart YAML formatting tweaks (#1499) * Private action runner helm chart YAML formatting tweaks * bump chart version * update changelog * update readme --- charts/private-action-runner/CHANGELOG.md | 4 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 2 +- charts/private-action-runner/README.md.gotmpl | 2 +- .../examples/config.yaml | 4 +- charts/private-action-runner/values.yaml | 114 +++++++++--------- 6 files changed, 68 insertions(+), 60 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 8867e61e1..50be67a2a 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.8.1 + +* Minor tweaks to YAML formatting in the runner configuration + ### 0.8.0 * Send MANAGED_BY environment variable to container. Update private action image version to `v0.0.1-alpha28`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 39c06eaa1..ea38ebe1c 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.8.0 +version: 0.8.1 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index c6ac82999..43024d616 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index aab9b83f9..c3b811d02 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/config.yaml index d3e58d25b..283f4529b 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/config.yaml @@ -26,7 +26,9 @@ runners: config: urn: "URN_FROM_CONFIG" privateKey: "PRIVATE_KEY_FROM_CONFIG" - modes: ["workflowAutomation", "appBuilder"] + modes: + - "workflowAutomation" + - "appBuilder" appBuilder: port: 9016 actionsAllowlist: diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 6f03266d9..794dd5d9a 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -46,65 +46,67 @@ runners: # -- The runner's privateKey from the enrollment page privateKey: "PRIVATE_KEY_FROM_CONFIG" # -- Modes that the runner can run in - modes: ["workflowAutomation", "appBuilder"] + modes: + - "workflowAutomation" + - "appBuilder" appBuilder: # -- Required port for App Builder Mode port: 9016 # -- List of actions that the Datadog Private Action Runner is allowed to execute actionsAllowlist: - com.datadoghq.kubernetes.core.listPod - # you can also add from the following list - # - com.datadoghq.http.request - # - com.datadoghq.jenkins.buildJenkinsJob - # - com.datadoghq.jenkins.deleteJenkinsJob - # - com.datadoghq.jenkins.getJobStatus - # - com.datadoghq.kubernetes.apps.createDeployment - # - com.datadoghq.kubernetes.apps.getControllerRevision - # - com.datadoghq.kubernetes.apps.getDaemonSet - # - com.datadoghq.kubernetes.apps.getDeployment - # - com.datadoghq.kubernetes.apps.getReplicaSet - # - com.datadoghq.kubernetes.apps.getStatefulSet - # - com.datadoghq.kubernetes.apps.listControllerRevision - # - com.datadoghq.kubernetes.apps.listDaemonSet - # - com.datadoghq.kubernetes.apps.listDeployment - # - com.datadoghq.kubernetes.apps.listReplicaSet - # - com.datadoghq.kubernetes.apps.listStatefulSet - # - com.datadoghq.kubernetes.apps.restartDeployment - # - com.datadoghq.kubernetes.apps.updateDeployment - # - com.datadoghq.kubernetes.apps.updateReplicaSet - # - com.datadoghq.kubernetes.core.createNode - # - com.datadoghq.kubernetes.core.createPod - # - com.datadoghq.kubernetes.core.deleteMultiplePods - # - com.datadoghq.kubernetes.core.deletePod - # - com.datadoghq.kubernetes.core.getConfigMap - # - com.datadoghq.kubernetes.core.getEndpoints - # - com.datadoghq.kubernetes.core.getEvent - # - com.datadoghq.kubernetes.core.getLimitRange - # - com.datadoghq.kubernetes.core.getNamespace - # - com.datadoghq.kubernetes.core.getNode - # - com.datadoghq.kubernetes.core.getPersistentVolume - # - com.datadoghq.kubernetes.core.getPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.getPod - # - com.datadoghq.kubernetes.core.getPodTemplate - # - com.datadoghq.kubernetes.core.getReplicationController - # - com.datadoghq.kubernetes.core.getResourceQuota - # - com.datadoghq.kubernetes.core.getService - # - com.datadoghq.kubernetes.core.getServiceAccount - # - com.datadoghq.kubernetes.core.listConfigMap - # - com.datadoghq.kubernetes.core.listEndpoints - # - com.datadoghq.kubernetes.core.listEvent - # - com.datadoghq.kubernetes.core.listLimitRange - # - com.datadoghq.kubernetes.core.listNamespace - # - com.datadoghq.kubernetes.core.listNode - # - com.datadoghq.kubernetes.core.listPersistentVolume - # - com.datadoghq.kubernetes.core.listPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.listPodTemplate - # - com.datadoghq.kubernetes.core.listReplicationController - # - com.datadoghq.kubernetes.core.listResourceQuota - # - com.datadoghq.kubernetes.core.listService - # - com.datadoghq.kubernetes.core.listServiceAccount - # - com.datadoghq.kubernetes.core.updatePod - # - com.datadoghq.postgresql.select - # - com.datadoghq.temporal.getWorkflowResult - # - com.datadoghq.temporal.listWorkflows - # - com.datadoghq.temporal.runWorkflow + # you can also add from the following list + # - com.datadoghq.http.request + # - com.datadoghq.jenkins.buildJenkinsJob + # - com.datadoghq.jenkins.deleteJenkinsJob + # - com.datadoghq.jenkins.getJobStatus + # - com.datadoghq.kubernetes.apps.createDeployment + # - com.datadoghq.kubernetes.apps.getControllerRevision + # - com.datadoghq.kubernetes.apps.getDaemonSet + # - com.datadoghq.kubernetes.apps.getDeployment + # - com.datadoghq.kubernetes.apps.getReplicaSet + # - com.datadoghq.kubernetes.apps.getStatefulSet + # - com.datadoghq.kubernetes.apps.listControllerRevision + # - com.datadoghq.kubernetes.apps.listDaemonSet + # - com.datadoghq.kubernetes.apps.listDeployment + # - com.datadoghq.kubernetes.apps.listReplicaSet + # - com.datadoghq.kubernetes.apps.listStatefulSet + # - com.datadoghq.kubernetes.apps.restartDeployment + # - com.datadoghq.kubernetes.apps.updateDeployment + # - com.datadoghq.kubernetes.apps.updateReplicaSet + # - com.datadoghq.kubernetes.core.createNode + # - com.datadoghq.kubernetes.core.createPod + # - com.datadoghq.kubernetes.core.deleteMultiplePods + # - com.datadoghq.kubernetes.core.deletePod + # - com.datadoghq.kubernetes.core.getConfigMap + # - com.datadoghq.kubernetes.core.getEndpoints + # - com.datadoghq.kubernetes.core.getEvent + # - com.datadoghq.kubernetes.core.getLimitRange + # - com.datadoghq.kubernetes.core.getNamespace + # - com.datadoghq.kubernetes.core.getNode + # - com.datadoghq.kubernetes.core.getPersistentVolume + # - com.datadoghq.kubernetes.core.getPersistentVolumeClaim + # - com.datadoghq.kubernetes.core.getPod + # - com.datadoghq.kubernetes.core.getPodTemplate + # - com.datadoghq.kubernetes.core.getReplicationController + # - com.datadoghq.kubernetes.core.getResourceQuota + # - com.datadoghq.kubernetes.core.getService + # - com.datadoghq.kubernetes.core.getServiceAccount + # - com.datadoghq.kubernetes.core.listConfigMap + # - com.datadoghq.kubernetes.core.listEndpoints + # - com.datadoghq.kubernetes.core.listEvent + # - com.datadoghq.kubernetes.core.listLimitRange + # - com.datadoghq.kubernetes.core.listNamespace + # - com.datadoghq.kubernetes.core.listNode + # - com.datadoghq.kubernetes.core.listPersistentVolume + # - com.datadoghq.kubernetes.core.listPersistentVolumeClaim + # - com.datadoghq.kubernetes.core.listPodTemplate + # - com.datadoghq.kubernetes.core.listReplicationController + # - com.datadoghq.kubernetes.core.listResourceQuota + # - com.datadoghq.kubernetes.core.listService + # - com.datadoghq.kubernetes.core.listServiceAccount + # - com.datadoghq.kubernetes.core.updatePod + # - com.datadoghq.postgresql.select + # - com.datadoghq.temporal.getWorkflowResult + # - com.datadoghq.temporal.listWorkflows + # - com.datadoghq.temporal.runWorkflow From fc00e53cac5e09c5ca91da1e8e08f39b5141a04f Mon Sep 17 00:00:00 2001 From: Waleed Sawan Date: Thu, 22 Aug 2024 13:00:00 -0700 Subject: [PATCH 108/209] [WF-8933] Bumping version to alpha29 (#1501) * bumping versions * re-running command --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 50be67a2a..7269e40fc 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.9.0 + +* Update private action image version to `v0.0.1-alpha29`. + ### 0.8.1 * Minor tweaks to YAML formatting in the runner configuration diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index ea38ebe1c..439a4f2d7 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.8.1 +version: 0.9.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 43024d616..8f35f140c 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) +![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -99,7 +99,7 @@ helm install ./private-action-runner -f ./config.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha28"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha29"}` | Current Datadog Private Action Runner image | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index c3b811d02..02db05757 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: v0.0.1-alpha28](https://img.shields.io/badge/AppVersion-v0.0.1--alpha28-informational?style=flat-square) +![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 794dd5d9a..d95e8b700 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha28 + tag: v0.0.1-alpha29 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 044d784f9e6c7d3a66d93625a49968ee40fcdda5 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Fri, 23 Aug 2024 12:18:31 -0400 Subject: [PATCH 109/209] Update helm chart to allow kubelet core check enabled to be set to false (#1502) --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 4 +--- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 993299200..3cedf1cd9 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.1 + +* Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value + ## 3.70.0 * Set default `Agent` and `Cluster-Agent` version to `7.56.0`. @@ -22,7 +26,7 @@ ## 3.68.2 -* Fix datadog.containerLifecycle.enabled conditional statement to accept flase value +* Fix datadog.containerLifecycle.enabled conditional statement to accept false value ## 3.68.1 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9edc12d62..2da27be4a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.0 +version: 3.70.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index f54b1288c..2ed98c467 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.0](https://img.shields.io/badge/Version-3.70.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.1](https://img.shields.io/badge/Version-3.70.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 7bc011e1c..f31887ad0 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -189,10 +189,8 @@ value: /host {{- end }} {{- end }} - {{- if .Values.datadog.kubelet.coreCheckEnabled }} - name: DD_KUBELET_CORE_CHECK_ENABLED - value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote }} - {{- end }} + value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote | default "true" }} {{- if eq (include "should-enable-otel-agent" .) "true" }} - name: DD_OTELCOLLECTOR_ENABLED value: "true" From ae7ce287c816687ed9403cf74524eeaaeb15175e Mon Sep 17 00:00:00 2001 From: Steven Blumenthal Date: Tue, 27 Aug 2024 14:40:53 -0400 Subject: [PATCH 110/209] Add admission controller port to cilium network policy for the cluster agent (#1505) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../cluster-agent-cilium-network-policy.yaml | 16 ++++++++++++++++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 3cedf1cd9..aeca3f648 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.2 + +* Add admission controller port to cilium network policy for the cluster agent + ## 3.70.1 * Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 2da27be4a..6361e0afc 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.1 +version: 3.70.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 2ed98c467..bb73d2f72 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.1](https://img.shields.io/badge/Version-3.70.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.2](https://img.shields.io/badge/Version-3.70.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml b/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml index af98d78de..db2742802 100644 --- a/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml +++ b/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml @@ -189,4 +189,20 @@ specs: - port: {{ include "clusterAgent.metricsProvider.port" . | quote }} protocol: TCP {{- end }} +{{- if .Values.clusterAgent.admissionController.enabled }} + - description: Ingress from API server for admission controller + endpointSelector: + matchLabels: + app: {{ template "datadog.fullname" . }}-cluster-agent + {{- if .Values.clusterAgent.podLabels }} + {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} + {{- end }} + ingress: + - fromEntities: + - kube-apiserver + toPorts: + - ports: + - port: {{ .Values.clusterAgent.admissionController.port | quote }} + protocol: TCP +{{- end }} {{- end }} From 78ce3e0591065edf5d52133c3452e2fdd4d90818 Mon Sep 17 00:00:00 2001 From: Jeremy Hanna Date: Tue, 27 Aug 2024 16:51:33 -0400 Subject: [PATCH 111/209] [ASCII-2204] Update fips-proxy image tag to 1.1.4 release (#1496) Co-authored-by: fanny-jiang --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index aeca3f648..6d5a07541 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.3 + +* Update `fips.image.tag` to `1.1.4` + ## 3.70.2 * Add admission controller port to cilium network policy for the cluster agent diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6361e0afc..9f716efeb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.2 +version: 3.70.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index bb73d2f72..a1ad65e6a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.2](https://img.shields.io/badge/Version-3.70.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.3](https://img.shields.io/badge/Version-3.70.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -853,7 +853,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.3"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.4"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 39e255ab4..2d8866129 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1405,7 +1405,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.3 + tag: 1.1.4 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From fb73823f903be9e516fad3f5df3c13d41df58c30 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Wed, 28 Aug 2024 11:15:49 -0400 Subject: [PATCH 112/209] [PROCS-4293] Improve support for `processAgent.runInCoreAgent` feature (#1504) * Improve support for run in core agent feature * Update CHANGELONG and docs * Remove check for enabled process checks * Update CHANGELOG and docs * Update Chart.yaml * Update README.md --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/_container-agent.yaml | 2 +- .../templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 41 ++++++++++++++----- .../templates/_processes-common-env.yaml | 6 +-- test/datadog/process_agent_test.go | 23 +++++++++-- .../values/process-run-in-core-envvars.yaml | 10 +++++ 9 files changed, 71 insertions(+), 21 deletions(-) create mode 100644 test/datadog/values/process-run-in-core-envvars.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 6d5a07541..091cf5e3d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.4 + +* Improve support for `processAgent.runInCoreAgent` feature. + ## 3.70.3 * Update `fips.image.tag` to `1.1.4` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9f716efeb..043ca9b2c 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.3 +version: 3.70.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a1ad65e6a..ab114d768 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.3](https://img.shields.io/badge/Version-3.70.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.4](https://img.shields.io/badge/Version-3.70.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index f31887ad0..90200d49e 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -251,7 +251,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if .Values.datadog.processAgent.runInCoreAgent }} + {{- if (eq (include "should-run-process-checks-on-core-agent" .) "true") }} - name: passwd mountPath: /etc/passwd readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index dfada4947..39ce80f63 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -137,7 +137,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or (eq (include "process-checks-enabled" .) "true") .Values.datadog.processAgent.runInCoreAgent (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if or (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} - hostPath: path: /etc/passwd name: passwd diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a45cdadb7..a67ce9c9b 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -943,30 +943,49 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} - {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.apm.instrumentation.language_detection.enabled -}} + {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} false {{- end -}} {{- end -}} +{{/* + Return value of "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" env var in core agent container. +*/}} +{{- define "get-process-checks-in-core-agent-envvar" -}} + {{- range .Values.agents.containers.agent.env -}} + {{- if eq .name "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" -}} + {{- .value -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* + Returns true if process-related checks should run on the core agent. +*/}} +{{- define "should-run-process-checks-on-core-agent" -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} + {{- include "get-process-checks-in-core-agent-envvar" . -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true - {{- else if and (eq .Values.targetSystem "windows") (eq (include "process-checks-enabled" .) "true") -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} true - {{- else if not .Values.agents.image.doNotCheckTag -}} - {{- $version := (include "get-agent-version" .) -}} - {{- if and (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" $version) -}} - true - {{- else if and .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" $version) -}} - false - {{- else -}} - {{- include "process-checks-enabled" . -}} - {{- end -}} + {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} + false {{- else -}} {{- include "process-checks-enabled" . -}} {{- end -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 016d744ac..41f723d26 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -8,8 +8,8 @@ value: {{ .Values.datadog.processAgent.processDiscovery | quote }} - name: DD_STRIP_PROCESS_ARGS value: {{ .Values.datadog.processAgent.stripProcessArguments | quote }} -{{- if eq .Values.targetSystem "linux" }} +{{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: {{ .Values.datadog.processAgent.runInCoreAgent | quote }} -{{- end }} + value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} +{{- end }} {{- end -}} diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 1b0693043..941bf00a7 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -230,6 +230,23 @@ func Test_processAgentConfigs(t *testing.T) { }, assertions: verifyLinuxRunInCoreAgentOld, }, + { + name: "enable process checks in core agent -- env var override", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml" }, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "agents.image.doNotCheckTag": "true", + "datadog.processAgent.processCollection": "true", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, } for _, tt := range tests { @@ -368,14 +385,14 @@ func verifyLinuxRunInCoreAgentOld(t *testing.T, manifest string) { assert.True(t, ok) coreEnvs := getEnvVarMap(coreAgentContainer.Env) assertDefaultCommonProcessEnvs(t, coreEnvs) - assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) - assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") assert.True(t, ok) processEnvs := getEnvVarMap(processAgentContainer.Env) assertDefaultCommonProcessEnvs(t, processEnvs) - assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } diff --git a/test/datadog/values/process-run-in-core-envvars.yaml b/test/datadog/values/process-run-in-core-envvars.yaml new file mode 100644 index 000000000..3401bac9a --- /dev/null +++ b/test/datadog/values/process-run-in-core-envvars.yaml @@ -0,0 +1,10 @@ +agents: + containers: + agent: + env: + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + processAgent: + env: + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" From 3de3e06fe2840d7806b73b72516cf73e561c4774 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Thu, 29 Aug 2024 10:51:28 -0400 Subject: [PATCH 113/209] Set default agent/cluster agent version to 7.56.1 (#1510) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 091cf5e3d..415a0212c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.1`. + ## 3.70.4 * Improve support for `processAgent.runInCoreAgent` feature. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 043ca9b2c..3a619bd20 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.4 +version: 3.70.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index ab114d768..0ad03910d 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.4](https://img.shields.io/badge/Version-3.70.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.5](https://img.shields.io/badge/Version-3.70.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.56.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.56.1"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.56.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.56.1"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.56.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.56.1"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 2d8866129..d5f61caf9 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -955,7 +955,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.56.0 + tag: 7.56.1 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1448,7 +1448,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.56.0 + tag: 7.56.1 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1954,7 +1954,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.56.0 + tag: 7.56.1 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 3097984ae336c57ada9a41b2e7a9032c58b99440 Mon Sep 17 00:00:00 2001 From: JacksonDavenport Date: Thu, 29 Aug 2024 10:24:20 -0700 Subject: [PATCH 114/209] [CONS-6524] Standardize example OpenShift values (#1506) * Standardize example OpenShift values * Apply suggestions from code review Co-authored-by: Sandra (neko) <165049174+neko-dd@users.noreply.github.com> --------- Co-authored-by: Sandra (neko) <165049174+neko-dd@users.noreply.github.com> --- .../datadog/agent_on_openshift_values.yaml | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/examples/datadog/agent_on_openshift_values.yaml b/examples/datadog/agent_on_openshift_values.yaml index a95bea8c3..11d696786 100644 --- a/examples/datadog/agent_on_openshift_values.yaml +++ b/examples/datadog/agent_on_openshift_values.yaml @@ -1,11 +1,10 @@ -# Datadog Agent with Logs, APM, Processes, and System Probe enabled +# Datadog Agent with Logs, APM, and Processes # with specific configurations to work on OpenShift 4. # When installing the chart, install onto a non-default namespace with # `helm install --namespace ` due to existing SecurityContextConstraints # on the default namespace. For more details about setting appropriate security # constraints, see https://docs.datadoghq.com/integrations/openshift/ and # https://www.datadoghq.com/blog/openshift-monitoring-with-datadog/ - targetSystem: "linux" datadog: # apiKey: @@ -15,20 +14,15 @@ datadog: appKeyExistingSecret: clusterName: tags: [] - criSocketPath: /var/run/crio/crio.sock # Depending on your DNS/SSL setup, it might not be possible to verify the Kubelet cert properly # If you have proper CA, you can switch it to true kubelet: tlsVerify: false - confd: - cri.yaml: |- - init_config: - instances: - - collect_disk: true logs: enabled: false apm: - portEnabled: false + portEnabled: true + socketEnabled: false processAgent: enabled: true processCollection: false @@ -49,10 +43,4 @@ agents: clusterAgent: podSecurity: securityContextConstraints: - create: true -clusterChecksRunner: - enabled: true - replicas: 2 -kube-state-metrics: - securityContext: - enabled: false + create: true \ No newline at end of file From c475aa03d77df6115fed55a11a691db9e18fcf5e Mon Sep 17 00:00:00 2001 From: Dinesh Gurumurthy Date: Tue, 3 Sep 2024 19:47:05 +0530 Subject: [PATCH 115/209] Add note for OTel collector (#1497) * Add note for OTel collector * Update chart version --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 8 ++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 415a0212c..1b4edecbc 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.6 + +* Add private beta note for OTel Collector. + ## 3.70.5 * Set default `Agent` and `Cluster-Agent` version to `7.56.1`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3a619bd20..9d68affa5 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.5 +version: 3.70.6 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0ad03910d..37232aa31 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.5](https://img.shields.io/badge/Version-3.70.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.6](https://img.shields.io/badge/Version-3.70.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index f179df69a..9201c6a04 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -599,3 +599,11 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ OTel collector is not supported on GKE Autopilot. {{- fail "The OTel collector cannot be run on GKE Autopilot." }} {{- end }} + + +{{- if (eq (include "should-enable-otel-agent" .) "true") }} +################################################################# +#### WARNING: Private Beta notice #### +################################################################# +OTel collector is in private beta. Please reach out to your Datadog representative for more information. +{{- end }} From bc09ff3950999aeea1ee142e055b6be452902feb Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Tue, 3 Sep 2024 11:34:57 -0400 Subject: [PATCH 116/209] Set default agent/cluster agent version 7.56.2 (#1516) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 1b4edecbc..78b424a6a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.70.7 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.2`. + ## 3.70.6 * Add private beta note for OTel Collector. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9d68affa5..9f0b0f3a0 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.6 +version: 3.70.7 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 37232aa31..0edef6a9e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.6](https://img.shields.io/badge/Version-3.70.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.70.7](https://img.shields.io/badge/Version-3.70.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.56.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.56.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.56.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.56.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.56.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.56.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d5f61caf9..08c514e49 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -955,7 +955,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.56.1 + tag: 7.56.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1448,7 +1448,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.56.1 + tag: 7.56.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1954,7 +1954,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.56.1 + tag: 7.56.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 08d686f3c14d4029767d97e2a8ec13e1c86bfd6b Mon Sep 17 00:00:00 2001 From: benjamin liu <34045252+liubenjamin@users.noreply.github.com> Date: Fri, 6 Sep 2024 13:24:08 -0700 Subject: [PATCH 117/209] [APPS-1924] Add ability to configure connection credentials in config.yaml (#1511) * add ability to configure connection credentials in config.yaml * address comments * fix file locations and postgresql format * fix invalid config keys * ignore helm-docs binary to avoid 'Request entity too large' --- charts/private-action-runner/.helmignore | 4 +- charts/private-action-runner/CHANGELOG.md | 4 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 66 ++---------- charts/private-action-runner/README.md.gotmpl | 62 +---------- .../examples/config.yaml | 32 ++++++ .../templates/_helpers.tpl | 102 ++++++++++++++++++ .../templates/secrets.yaml | 4 + charts/private-action-runner/values.yaml | 15 +++ 9 files changed, 169 insertions(+), 122 deletions(-) diff --git a/charts/private-action-runner/.helmignore b/charts/private-action-runner/.helmignore index 691fa13d6..d618f3fcd 100644 --- a/charts/private-action-runner/.helmignore +++ b/charts/private-action-runner/.helmignore @@ -20,4 +20,6 @@ .project .idea/ *.tmproj -.vscode/ \ No newline at end of file +.vscode/ +# Binaries +helm-docs diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 7269e40fc..2d1515106 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.9.1 + +- Added ability to configure connection credentials in `config.yaml`. + ### 0.9.0 * Update private action image version to `v0.0.1-alpha29`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 439a4f2d7..c92d24dad 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.9.0 +version: 0.9.1 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 8f35f140c..f3012b43f 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -24,66 +24,8 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). -2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart. -3. Download the chart locally. -```bash -helm pull datadog/private-action-runner --untar -``` -4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use. - -HTTP Basic Auth: -``` -{ - auth_type: 'Basic Auth', - credentials: [ - { - username: 'USERNAME', - password: 'PASSWORD', - }, - ], -} -``` -HTTP Token Auth: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - tokenName: 'TOKEN1', - tokenValue: 'VALUE1', - }, - ], -} -``` -Jenkins: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - username: 'USERNAME', - token: 'TOKEN', - domain: 'DOMAIN', - }, - ], -} -``` -Postgres: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - tokenName: 'connectionUri', - tokenValue: 'postgres://usr:password@example_host:5432/example_db', - }, - ], -} -``` -5. Install the chart. -```bash -helm install ./private-action-runner -f ./config.yaml -``` +2. Create a new Private Action Runner and follow the instructions for Kubernetes. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). @@ -100,6 +42,10 @@ helm install ./private-action-runner -f ./config.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| | common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha29"}` | Current Datadog Private Action Runner image | +| connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | +| connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | +| connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | +| connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 02db05757..e55e8e00e 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -24,66 +24,8 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). -2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart. -3. Download the chart locally. -```bash -helm pull datadog/private-action-runner --untar -``` -4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use. - -HTTP Basic Auth: -``` -{ - auth_type: 'Basic Auth', - credentials: [ - { - username: 'USERNAME', - password: 'PASSWORD', - }, - ], -} -``` -HTTP Token Auth: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - tokenName: 'TOKEN1', - tokenValue: 'VALUE1', - }, - ], -} -``` -Jenkins: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - username: 'USERNAME', - token: 'TOKEN', - domain: 'DOMAIN', - }, - ], -} -``` -Postgres: -``` -{ - auth_type: 'Token Auth', - credentials: [ - { - tokenName: 'connectionUri', - tokenValue: 'postgres://usr:password@example_host:5432/example_db', - }, - ], -} -``` -5. Install the chart. -```bash -helm install ./private-action-runner -f ./config.yaml -``` +2. Create a new Private Action Runner and follow the instructions for Kubernetes. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/config.yaml index 283f4529b..56dbf3e32 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/config.yaml @@ -35,3 +35,35 @@ runners: - com.datadoghq.kubernetes.core.listPod - com.datadoghq.http.request - com.datadoghq.jenkins.buildJenkinsJob + +connectionCredentials: + basicAuth: + credentials: + - fileName: "http_basic_creds.json" + username: "username" + password: "password" + - fileName: "another_http_basic_creds.json" + username: "another_username" + password: "another_password" + tokenAuth: + credentials: + - fileName: "http_token_creds.json" + tokenName: "name" + tokenValue: "value" + jenkinsAuth: + credentials: + - fileName: "jenkins_creds.json" + username: "username" + token: "token" + domain: "domain" + postgresAuth: + credentials: + - fileName: "creds.pgpass" + host: "host" + port: "port" + user: "user" + password: "password" + database: "database" + sslMode: "sslMode" + applicationName: "applicationName" + searchPath: "searchPath" diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl index 4d801c7ab..f3783523a 100644 --- a/charts/private-action-runner/templates/_helpers.tpl +++ b/charts/private-action-runner/templates/_helpers.tpl @@ -4,3 +4,105 @@ {{- define "chart.roleBindingName" }} "private-action-runner-{{.}}-rolebinding" {{ end }} {{- define "chart.serviceName" }} "private-action-runner-{{.}}-service" {{ end }} {{- define "chart.secretName" }} "private-action-runner-{{.}}-secrets" {{ end }} + +{{- define "chart.basicAuth" -}} +{{- if hasKey $.Values.connectionCredentials.basicAuth "credentials" }} +{{- range $c := $.Values.connectionCredentials.basicAuth.credentials }} +{{ $c.fileName }}: | + { + auth_type: 'Basic Auth', + credentials: [ + { + username: {{ $c.username | quote }}, + password: {{ $c.password | quote }} + }, + ], + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.tokenAuth" -}} +{{- if hasKey $.Values.connectionCredentials.tokenAuth "credentials" }} +{{- range $c := $.Values.connectionCredentials.tokenAuth.credentials }} +{{ $c.fileName }}: | + { + auth_type: 'Token Auth', + credentials: [ + { + tokenName: {{ $c.tokenName | quote }}, + tokenValue: {{ $c.tokenValue | quote }} + }, + ], + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.jenkinsAuth" -}} +{{- if hasKey $.Values.connectionCredentials.jenkinsAuth "credentials" }} +{{- range $c := $.Values.connectionCredentials.jenkinsAuth.credentials }} +{{ $c.fileName }}: | + { + auth_type: 'Token Auth', + credentials: [ + { + username: {{ $c.username | quote }}, + token: {{ $c.token | quote }}, + domain: {{ $c.domain | quote }} + }, + ], + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.postgresAuth" -}} +{{- if hasKey $.Values.connectionCredentials.postgresAuth "credentials" }} +{{- range $c := $.Values.connectionCredentials.postgresAuth.credentials }} +{{ $c.fileName }}: | + { + auth_type: 'Token Auth', + credentials: [ + { + "tokenName": "host", + "tokenValue": {{ $c.host | quote }} + }, + { + "tokenName": "port", + "tokenValue": {{ $c.port | quote }} + }, + { + "tokenName": "user", + "tokenValue": {{ $c.user | quote }} + }, + { + "tokenName": "password", + "tokenValue": {{ $c.password | quote }} + }, + { + "tokenName": "database", + "tokenValue": {{ $c.database | quote }} + }, + { + "tokenName": "sslmode", + "tokenValue": {{ $c.sslMode | quote }} + }, + {{- if $c.applicationName }} + { + "tokenName": "applicationName", + "tokenValue": {{ $c.applicationName | quote }} + }, + {{ end }} + {{- if $c.searchPath }} + { + { + "tokenName": "searchPath", + "tokenValue": {{ $c.searchPath | quote }} + } + {{ end }} + ], + } +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index 4b85b102b..5085dfc5c 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -22,4 +22,8 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} + {{- include "chart.basicAuth" $ | indent 2 }} + {{- include "chart.tokenAuth" $ | indent 2 }} + {{- include "chart.jenkinsAuth" $ | indent 2 }} + {{- include "chart.postgresAuth" $ | indent 2 }} {{- end }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index d95e8b700..36fef85a8 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -110,3 +110,18 @@ runners: # - com.datadoghq.temporal.getWorkflowResult # - com.datadoghq.temporal.listWorkflows # - com.datadoghq.temporal.runWorkflow + +# see examples/config.yaml for credential keys +connectionCredentials: + basicAuth: + # -- List of credentials for Basic Auth + credentials: [] + tokenAuth: + # -- List of credentials for Token Auth + credentials: [] + jenkinsAuth: + # -- List of credentials for Jenkins Auth + credentials: [] + postgresAuth: + # -- List of credentials for Postgres Auth + credentials: [] From cdeb57f2a7be0ed74caf335e278377673f6b86ad Mon Sep 17 00:00:00 2001 From: Attila Szegedi Date: Thu, 12 Sep 2024 12:58:59 +0200 Subject: [PATCH 118/209] PROF-10073: Add support for datadog.profiling (#1471) * Add support for `datadog.profiling` * Run `.github/helm-docs.sh` --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- .../templates/cluster-agent-deployment.yaml | 4 ++++ charts/datadog/values.yaml | 20 +++++++++++++++++++ 5 files changed, 32 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 78b424a6a..03ac2e242 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.71.0 + +* Add `datadog.profiling` section to configure Continuous Profiler. Disabled by default. + ## 3.70.7 * Set default `Agent` and `Cluster-Agent` version to `7.56.2`. @@ -46,7 +50,7 @@ ## 3.69.0 -* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. ## 3.68.2 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9f0b0f3a0..ffcab874d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.7 +version: 3.71.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0edef6a9e..3e333dd10 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.7](https://img.shields.io/badge/Version-3.70.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -788,6 +788,7 @@ helm install \ | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | | datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | +| datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 134f8a3c6..bc89c75b9 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -266,6 +266,10 @@ spec: - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_IAST_ENABLED value: "true" {{- end }} + {{- if not (eq .Values.datadog.profiling.enabled nil) }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PROFILING_ENABLED + value: {{ .Values.datadog.profiling.enabled | quote }} + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 08c514e49..224bc131b 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -560,6 +560,26 @@ datadog: # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint enabled: false + ## Continuous Profiler configuration + ## + ## Continuous Profiler is disabled by default and can be enabled by setting the `enabled` field to + ## either `auto` or `true` value under the `datadog.profiling` section. + ## Manually adding the `DD_PROFILING_ENABLED` variable to a pod will take precedence over the + ## value in the Helm chart. + ## These will only have an effect on containers that have Datadog client libraries installed, + ## either manually or via Single Step Instrumentation (under the `datadog.apm.instrumentation` + ## section). + ## It requires Datadog Cluster Agent 7.57.0+. + profiling: + # datadog.profiling.enabled -- Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` + # environment variable with the same value to all pods in the cluster + # Valid values are: + # - false: Profiler is turned off and can not be turned on by other means. + # - null: Profiler is turned off, but can be turned on by other means. + # - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. + # - true: Profiler is turned on. + enabled: null + # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets ## envFrom to pass configmaps or secrets as environment From f16a2ed50e613ec4ab6abe67eaf583e93791c452 Mon Sep 17 00:00:00 2001 From: louis-cqrl <93274433+louis-cqrl@users.noreply.github.com> Date: Thu, 12 Sep 2024 16:14:00 +0200 Subject: [PATCH 119/209] Update FIPS Proxy version to 1.1.5 (#1522) * Update tag version for fips image * fix tag in changelog --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 03ac2e242..31331df86 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.71.1 + +* Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 + ## 3.71.0 * Add `datadog.profiling` section to configure Continuous Profiler. Disabled by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ffcab874d..a7c4361f9 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.71.0 +version: 3.71.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 3e333dd10..a7641a317 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.1](https://img.shields.io/badge/Version-3.71.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -854,7 +854,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.4"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.5"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 224bc131b..720ecee6f 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1425,7 +1425,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.4 + tag: 1.1.5 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From a5c4ca05c088b102f0ead9d071a8449bc61873b5 Mon Sep 17 00:00:00 2001 From: Andrii Kalinichenko Date: Fri, 13 Sep 2024 17:27:59 +0200 Subject: [PATCH 120/209] PL: release 1.51.0 (#1525) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index fca293393..a4c72d7f6 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.2 + +* Update private location image version to `1.51.0`. + ## 0.17.1 * Update private location image version to `1.50.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index f154d04d8..fdfd13df2 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.1 -appVersion: 1.50.0 +version: 0.17.2 +appVersion: 1.51.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 38d5ff1f1..03bcd7a24 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.1](https://img.shields.io/badge/Version-0.17.1-informational?style=flat-square) ![AppVersion: 1.50.0](https://img.shields.io/badge/AppVersion-1.50.0-informational?style=flat-square) +![Version: 0.17.2](https://img.shields.io/badge/Version-0.17.2-informational?style=flat-square) ![AppVersion: 1.51.0](https://img.shields.io/badge/AppVersion-1.51.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.50.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.51.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index dfb6d3e35..b2f912f40 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.50.0 + tag: 1.51.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 304008e8ddf83d2381105e3b480b3b75def9dc5d Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:40:36 +0200 Subject: [PATCH 121/209] Bump private action runner to v0.0.1-alpha31 (#1523) * Bump private action runner to v0.0.1-alpha30 * Bump private action runner to v0.0.1-alpha31 --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 2 +- charts/private-action-runner/values.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 2d1515106..5da120330 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.10.0 + +* Update private action image version to `v0.0.1-alpha31`. + ### 0.9.1 - Added ability to configure connection credentials in `config.yaml`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index c92d24dad..2f8fa419b 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.9.1 +version: 0.10.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index f3012b43f..ffa424683 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -41,7 +41,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha29"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha31"}` | Current Datadog Private Action Runner image | | connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | | connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | | connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 36fef85a8..f8c28cb98 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha29 + tag: v0.0.1-alpha31 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 05fd80bca99eb16fc8e9e72a59e4bdb99a16de84 Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Wed, 18 Sep 2024 16:29:39 -0400 Subject: [PATCH 122/209] Update Helm chart for new Go private action runner (#1527) * staging changes for Go private action runner * Update Helm chart for Go runner * update port * suggestions * tweak wording * delete mistake * test with dummy private key * test with kubeconform * lint --- charts/private-action-runner/CHANGELOG.md | 6 ++++- charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 8 +++---- charts/private-action-runner/README.md.gotmpl | 2 +- .../ci/kubeconform-values.yaml | 9 ++++++++ .../examples/{config.yaml => values.yaml} | 23 +++++++++---------- .../templates/deployment.yaml | 5 ---- .../templates/secrets.yaml | 10 +++++--- charts/private-action-runner/values.yaml | 7 +++--- 9 files changed, 41 insertions(+), 31 deletions(-) rename charts/private-action-runner/examples/{config.yaml => values.yaml} (80%) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 5da120330..9ce0ebd32 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,12 +1,16 @@ # Datadog changelog +## 0.11.0 + +* Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`. + ### 0.10.0 * Update private action image version to `v0.0.1-alpha31`. ### 0.9.1 -- Added ability to configure connection credentials in `config.yaml`. +* Added ability to configure connection credentials in `config.yaml`. ### 0.9.0 diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 2f8fa419b..6837dd301 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.10.0 +version: 0.11.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index ffa424683..2475177fc 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,16 +41,16 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha31"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | | connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | | connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | | connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | | connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth | -| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | -| runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | | runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | +| runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode | | runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | | runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | | runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index e55e8e00e..d77c11de3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/ci/kubeconform-values.yaml b/charts/private-action-runner/ci/kubeconform-values.yaml index e69de29bb..4522b0137 100644 --- a/charts/private-action-runner/ci/kubeconform-values.yaml +++ b/charts/private-action-runner/ci/kubeconform-values.yaml @@ -0,0 +1,9 @@ +runners: + - name: "default" + config: + # -- Base URL of the Datadog app + ddBaseURL: "https://app.datadoghq.com" + # -- The runner's URN from the enrollment page + urn: "urn:dd:apps:on-prem-runner:us1:2:runner-CI_TEST_ONLY" + # -- The runner's privateKey from the enrollment page + privateKey: "eyJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImtpZCI6IkxXbl9LLU9qbXQ4TFJ6TWdjbFY4dTRMYUVsdF9mZGpCN2RXdlJ2TkVhN2ciLCJjcnYiOiJQLTI1NiIsImFsZyI6IkVTMjU2IiwieCI6Imd3MVFKNVBQQXJmZk56XzdmWmZxX0xMYjhTV0MyaXhJUDFBbDh2SjJmVTgiLCJ5IjoiRjQ4VGRWZVhIRnpack05N1BwbnFMZFRUOG9iWDdKa2N5d3RzQ2RhLXRpayIsImQiOiJaczdDQ0MzMkRJQkpuaUZ5S1hFV0VvWThrZ1ZXMTVZbGdTYU9ISm5uX1drIn0" diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/values.yaml similarity index 80% rename from charts/private-action-runner/examples/config.yaml rename to charts/private-action-runner/examples/values.yaml index 56dbf3e32..0dfc65f5c 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -1,5 +1,16 @@ runners: - name: "custom-runner" + # Replace this section with the output of the private action runner enrollment process with the `--enroll-and-print-config` flag + config: + ddBaseURL: "https://app.datadoghq.com" + urn: "CHANGE_ME_URN_FROM_CONFIG" + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" + modes: + - appBuilder + - workflowAutomation + port: 9016 + actionsAllowlist: + - com.datadoghq.http.request kubernetesPermissions: - apiGroups: - "" @@ -23,18 +34,6 @@ runners: - "patch" - "update" - "delete" - config: - urn: "URN_FROM_CONFIG" - privateKey: "PRIVATE_KEY_FROM_CONFIG" - modes: - - "workflowAutomation" - - "appBuilder" - appBuilder: - port: 9016 - actionsAllowlist: - - com.datadoghq.kubernetes.core.listPod - - com.datadoghq.http.request - - com.datadoghq.jenkins.buildJenkinsJob connectionCredentials: basicAuth: diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index b7b3eeb4d..0021acb16 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -46,11 +46,6 @@ spec: - name: secrets mountPath: /etc/dd-action-runner env: - # Node memory limits - - name: NODE_OPTIONS - # See https://nodejs.org/docs/latest-v16.x/api/cli.html#--max-old-space-sizesize-in-megabytes - # 75% of memory limit/request - value: "--max-old-space-size=1536" - name: MANAGED_BY value: "helm" volumes: diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index 5085dfc5c..c8c6fd120 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -14,9 +14,13 @@ stringData: {{- range $mode := $runner.config.modes }} - {{ $mode }} {{- end }} - {{- if $runner.config.appBuilder }} - appBuilder: - port: {{ $runner.config.appBuilder.port }} + {{- if $runner.config.port }} + port: {{ $runner.config.port }} + {{- else if $runner.config.appBuilder }} + port: {{ $runner.config.appBuilder.port }} + {{- end }} + {{- if $runner.config.httpServerWriteTimeout }} + httpServerWriteTimeout: {{ $runner.config.httpServerWriteTimeout }} {{- end }} actionsAllowlist: {{- range $action := $runner.config.actionsAllowlist }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index f8c28cb98..d3eaebb82 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha31 + tag: v0.1.0-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner @@ -49,9 +49,8 @@ runners: modes: - "workflowAutomation" - "appBuilder" - appBuilder: - # -- Required port for App Builder Mode - port: 9016 + # -- Port for HTTP server liveness checks and App Builder mode + port: 9016 # -- List of actions that the Datadog Private Action Runner is allowed to execute actionsAllowlist: - com.datadoghq.kubernetes.core.listPod From 451b67348d51c0375613353f359042dea14bc66c Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Fri, 20 Sep 2024 16:15:46 -0400 Subject: [PATCH 123/209] [Private Actions] Allow for arbitrary secret files to be specified in `values.yaml` (#1531) * Move to specifying credential files directly * lint --- charts/private-action-runner/CHANGELOG.md | 5 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 9 +- charts/private-action-runner/README.md.gotmpl | 4 +- .../examples/values.yaml | 153 ++++++++++++++---- .../templates/_helpers.tpl | 62 +++---- .../templates/secrets.yaml | 1 + charts/private-action-runner/values.yaml | 18 +-- 8 files changed, 173 insertions(+), 81 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 9ce0ebd32..08b0e01ab 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 0.12.0 + +* Introduced `credentialFiles` key in `values.yaml` for secret management. Deprecated the `connectionCredentials` key +* Fixed issue where specifying connection secrets under `connectionCredentials` can result in the Helm chart generating malformed JSON + ## 0.11.0 * Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 6837dd301..623d3633d 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.11.0 +version: 0.12.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 2475177fc..e9d07f49c 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -25,7 +25,7 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). 2. Create a new Private Action Runner and follow the instructions for Kubernetes. -3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). @@ -42,10 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| | common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | -| connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | -| connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | -| connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | -| connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth | +| credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index d77c11de3..cf4fc0207 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -25,7 +25,7 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). 2. Create a new Private Action Runner and follow the instructions for Kubernetes. -3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 0dfc65f5c..4298afca1 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -35,34 +35,125 @@ runners: - "update" - "delete" -connectionCredentials: - basicAuth: - credentials: - - fileName: "http_basic_creds.json" - username: "username" - password: "password" - - fileName: "another_http_basic_creds.json" - username: "another_username" - password: "another_password" - tokenAuth: - credentials: - - fileName: "http_token_creds.json" - tokenName: "name" - tokenValue: "value" - jenkinsAuth: - credentials: - - fileName: "jenkins_creds.json" - username: "username" - token: "token" - domain: "domain" - postgresAuth: - credentials: - - fileName: "creds.pgpass" - host: "host" - port: "port" - user: "user" - password: "password" - database: "database" - sslMode: "sslMode" - applicationName: "applicationName" - searchPath: "searchPath" +# credential files provided here will be mounted in /etc/dd-action-runner/ +# it is safe to remove unneeded files from this section +credentialFiles: + - fileName: "http_basic_creds.json" + data: | + { + "auth_type": "Basic Auth", + "credentials": [ + { + "username": "USERNAME", + "password": "PASSWORD" + } + ] + } + - fileName: "http_token_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "TOKEN1", + "tokenValue": "VALUE1" + } + ] + } + - fileName: "jenkins_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "username": "localhost:7233", + "token": "TOKEN", + "domain": "DOMAIN" + } + ] + } + - fileName: "creds.pgpass" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "host", + "tokenValue": "HOST" + }, + { + "tokenName": "port", + "tokenValue": "5432" + }, + { + "tokenName": "user", + "tokenValue": "USER" + }, + { + "tokenName": "password", + "tokenValue": "PASSWORD" + }, + { + "tokenName": "database", + "tokenValue": "DATABASE" + }, + { + "tokenName": "sslmode", + "tokenValue": "verify-full" + }, + { + "tokenName": "applicationName", + "tokenValue": "OPTIONAL: application name" + }, + { + "tokenName": "searchPath", + "tokenValue": "OPTIONAL: search path" + } + ] + } + - fileName: "temporal_mtls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "SERVERROOTCACERTIFICATE" + }, + { + "tokenName": "clientCertPairCrt", + "tokenValue": "CLIENTCERTPAIRCRT" + }, + { + "tokenName": "clientCertPairKey", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } + - fileName: "temporal_tls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl index f3783523a..dac6ef7cf 100644 --- a/charts/private-action-runner/templates/_helpers.tpl +++ b/charts/private-action-runner/templates/_helpers.tpl @@ -5,65 +5,74 @@ {{- define "chart.serviceName" }} "private-action-runner-{{.}}-service" {{ end }} {{- define "chart.secretName" }} "private-action-runner-{{.}}-secrets" {{ end }} +{{- define "chart.credentialFiles" -}} +{{- if hasKey $.Values "credentialFiles" }} +{{- range $c := $.Values.credentialFiles }} +{{ $c.fileName }}: | +{{ $c.data | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} + {{- define "chart.basicAuth" -}} -{{- if hasKey $.Values.connectionCredentials.basicAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.basicAuth $.Values.connectionCredentials.basicAuth.credentials }} {{- range $c := $.Values.connectionCredentials.basicAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Basic Auth', - credentials: [ + "auth_type": "Basic Auth", + "credentials": [ { - username: {{ $c.username | quote }}, - password: {{ $c.password | quote }} - }, - ], + "username": {{ $c.username | quote }}, + "password": {{ $c.password | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.tokenAuth" -}} -{{- if hasKey $.Values.connectionCredentials.tokenAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.tokenAuth $.Values.connectionCredentials.tokenAuth.credentials }} {{- range $c := $.Values.connectionCredentials.tokenAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { - tokenName: {{ $c.tokenName | quote }}, - tokenValue: {{ $c.tokenValue | quote }} - }, - ], + "tokenName": {{ $c.tokenName | quote }}, + "tokenValue": {{ $c.tokenValue | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.jenkinsAuth" -}} -{{- if hasKey $.Values.connectionCredentials.jenkinsAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.jenkinsAuth $.Values.connectionCredentials.jenkinsAuth.credentials }} {{- range $c := $.Values.connectionCredentials.jenkinsAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { - username: {{ $c.username | quote }}, - token: {{ $c.token | quote }}, - domain: {{ $c.domain | quote }} - }, - ], + "username": {{ $c.username | quote }}, + "token": {{ $c.token | quote }}, + "domain": {{ $c.domain | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.postgresAuth" -}} -{{- if hasKey $.Values.connectionCredentials.postgresAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.postgresAuth $.Values.connectionCredentials.postgresAuth.credentials }} {{- range $c := $.Values.connectionCredentials.postgresAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { "tokenName": "host", "tokenValue": {{ $c.host | quote }} @@ -95,13 +104,12 @@ }, {{ end }} {{- if $c.searchPath }} - { { "tokenName": "searchPath", "tokenValue": {{ $c.searchPath | quote }} } {{ end }} - ], + ] } {{- end -}} {{- end -}} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index c8c6fd120..792f68919 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -26,6 +26,7 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} + {{- include "chart.credentialFiles" $ | indent 2 }} {{- include "chart.basicAuth" $ | indent 2 }} {{- include "chart.tokenAuth" $ | indent 2 }} {{- include "chart.jenkinsAuth" $ | indent 2 }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index d3eaebb82..6ff85caa3 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -110,17 +110,7 @@ runners: # - com.datadoghq.temporal.listWorkflows # - com.datadoghq.temporal.runWorkflow -# see examples/config.yaml for credential keys -connectionCredentials: - basicAuth: - # -- List of credentials for Basic Auth - credentials: [] - tokenAuth: - # -- List of credentials for Token Auth - credentials: [] - jenkinsAuth: - # -- List of credentials for Jenkins Auth - credentials: [] - postgresAuth: - # -- List of credentials for Postgres Auth - credentials: [] +# -- List of credential files to be used by the Datadog Private Action Runner +credentialFiles: [] +# see examples/values.yaml for examples on how to specify secrets +# credential files provided here will be mounted in /etc/dd-action-runner/ From 9f4bd9102ab486e8ba40eb96d28d04f2969b5668 Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Mon, 23 Sep 2024 14:56:18 -0400 Subject: [PATCH 124/209] Bump PAR version to v0.1.1-beta (#1533) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 08b0e01ab..3a1c37598 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.13.0 + +* Update private action image version to `v0.1.1-beta` + ## 0.12.0 * Introduced `credentialFiles` key in `values.yaml` for secret management. Deprecated the `connectionCredentials` key diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 623d3633d..af3652fe0 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.12.0 +version: 0.13.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e9d07f49c..3cc51d205 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -41,7 +41,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index cf4fc0207..f0080171c 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 6ff85caa3..cea2568f3 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.0-beta + tag: v0.1.1-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner From 222f1ae6abe0258569139536f941c1c4f08c88c5 Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:34:01 +0200 Subject: [PATCH 125/209] Improve private actions runner helm chart for kubernetes actions (#1529) * Improve private actions runner helm chart for kubernetes actions * Fix after rebase * Remove tests as they are not actually testing * Linebreak --- charts/private-action-runner/CHANGELOG.md | 4 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 41 ++++-- charts/private-action-runner/README.md.gotmpl | 7 +- .../examples/values.yaml | 61 +++++--- .../templates/_helpers.tpl | 89 ++++++++++++ .../templates/deployment.yaml | 2 +- .../private-action-runner/templates/role.yaml | 12 +- .../templates/secrets.yaml | 14 ++ charts/private-action-runner/values.yaml | 136 +++++++----------- 10 files changed, 248 insertions(+), 120 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 3a1c37598..42983f45d 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.0 + +* Add support for `kubernetesActions`. + ## 0.13.0 * Update private action image version to `v0.1.1-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index af3652fe0..f8fbc7e77 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.13.0 +version: 0.14.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 3cc51d205..29b1e83fa 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -30,10 +30,11 @@ helm repo update ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). 2. Create a new connection, select your private action runner, and use **Service account authentication**. -3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further -* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). * Deploy several runners with different permissions or create different connections according to your needs. * Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). @@ -43,13 +44,37 @@ helm repo update |-----|------|---------|-------------| | common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | -| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | -| runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | +| runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | | runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | | runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode | -| runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | -| runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | -| runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | +| runners[0].config.privateKey | string | `"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | +| runners[0].config.urn | string | `"CHANGE_ME_URN_FROM_CONFIG"` | The runner's URN from the enrollment page | +| runners[0].kubernetesActions | object | `{"configMaps":[],"controllerRevisions":[],"cronJobs":[],"customObjects":[],"customResourceDefinitions":[],"daemonSets":[],"deployments":[],"endpoints":[],"events":[],"jobs":[],"limitRanges":[],"namespaces":[],"nodes":[],"persistentVolumeClaims":[],"persistentVolumes":[],"podTemplates":[],"pods":["get","list"],"replicaSets":[],"replicationControllers":[],"resourceQuotas":[],"serviceAccounts":[],"services":[],"statefulSets":[]}` | Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account | +| runners[0].kubernetesActions.configMaps | list | `[]` | Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.controllerRevisions | list | `[]` | Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.cronJobs | list | `[]` | Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.customObjects | list | `[]` | Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. | +| runners[0].kubernetesActions.customResourceDefinitions | list | `[]` | Actions related to customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.daemonSets | list | `[]` | Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.deployments | list | `[]` | Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") | +| runners[0].kubernetesActions.endpoints | list | `[]` | Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.events | list | `[]` | Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.jobs | list | `[]` | Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.limitRanges | list | `[]` | Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.namespaces | list | `[]` | Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.nodes | list | `[]` | Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumeClaims | list | `[]` | Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumes | list | `[]` | Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.podTemplates | list | `[]` | Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.pods | list | `["get","list"]` | Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicaSets | list | `[]` | Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicationControllers | list | `[]` | Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.resourceQuotas | list | `[]` | Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.serviceAccounts | list | `[]` | Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.services | list | `[]` | Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.statefulSets | list | `[]` | Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesPermissions | list | `[]` | Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) | | runners[0].name | string | `"default"` | Name of the Datadog Private Action Runner | | runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index f0080171c..dbf98b61e 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -30,10 +30,11 @@ helm repo update ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). 2. Create a new connection, select your private action runner, and use **Service account authentication**. -3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further -* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). * Deploy several runners with different permissions or create different connections according to your needs. * Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 4298afca1..7d2106f39 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -11,30 +11,45 @@ runners: port: 9016 actionsAllowlist: - com.datadoghq.http.request + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + controllerRevisions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + daemonSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + deployments: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart"] + replicaSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + statefulSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + cronJobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + configMaps: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + endpoints: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + events: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + limitRanges: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + namespaces: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + nodes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumeClaims: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + pods: ["get", "list" ] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + podTemplates: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + replicationControllers: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + resourceQuotas: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + services: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + serviceAccounts: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customResourceDefinitions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + jobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customObjects: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) kubernetesPermissions: - - apiGroups: - - "" - resources: - - "pods" - verbs: - - "list" - - "get" - - "create" - - "patch" - - "update" - - "delete" - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "list" - - "get" - - "create" - - "patch" - - "update" - - "delete" - + # CRD example +# - apiGroups: +# - "example.com" +# resources: +# - "tests" +# verbs: +# - "list" +# - "get" +# - "create" +# - "patch" +# - "update" +# - "delete" # credential files provided here will be mounted in /etc/dd-action-runner/ # it is safe to remove unneeded files from this section credentialFiles: diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl index dac6ef7cf..34ffa291b 100644 --- a/charts/private-action-runner/templates/_helpers.tpl +++ b/charts/private-action-runner/templates/_helpers.tpl @@ -114,3 +114,92 @@ {{- end -}} {{- end -}} {{- end -}} + +{{/* +Defines an RBAC rule for provided apiGroup, resource type and allowed verbs +*/}} +{{- define "rbacRule" }} +- apiGroups: + - {{ .apiGroup }} + resources: + - {{ .resource }} + verbs: +{{- range $_, $verb := (.verbs | uniq) }} + - {{ $verb }} +{{- end }} +{{- end }} + +{{/* +Map from plural(resourceName) to actionBundle +*/}} +{{- define "chart.k8sResourceMap" -}} +{{- $resourceMap := dict + "customResourceDefinitions" "apiextensions" + "controllerRevisions" "apps" + "daemonSets" "apps" + "deployments" "apps" + "replicaSets" "apps" + "statefulSets" "apps" + "cronJobs" "batch" + "jobs" "batch" + "configMaps" "core" + "endpoints" "core" + "events" "core" + "limitRanges" "core" + "namespaces" "core" + "nodes" "core" + "persistentVolumes" "core" + "persistentVolumeClaims" "core" + "pods" "core" + "podTemplates" "core" + "replicationControllers" "core" + "resourceQuotas" "core" + "services" "core" + "serviceAccounts" "core" +}} +{{- toYaml $resourceMap -}} +{{- end -}} + +{{/* +Turns a plural(resourceName) into a singular(resourceName) +*/}} +{{- define "chart.k8sResourceSingular" -}} +{{- $resource := . -}} +{{- if eq $resource "endpoints" -}} + {{- $resource -}} +{{- else -}} + {{- printf "%s" (trimSuffix "s" $resource) -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the kubernetes apiGroup for the plural(resourceName) +*/}} +{{- define "chart.k8sApiGroup" -}} +{{- $bundle := . -}} +{{- if eq $bundle "apiextensions" -}} +apiextensions.k8s.io +{{- else if eq $bundle "core" -}} +"" +{{- else -}} + {{- $bundle -}} +{{- end -}} +{{- end -}} + +{{/* +Transform a list of actions into the list of k8s verbs that are required to perform those actions +*/}} +{{- define "chart.k8sVerbs" -}} +{{- $actions := . -}} +{{- $allVerbs := list -}} +{{- range $action := $actions }} + {{- if eq $action "deleteMultiple" -}} + {{- $allVerbs = concat $allVerbs (list "delete" "list") -}} + {{- else if eq $action "restart" -}} + {{- $allVerbs = append $allVerbs "patch" -}} + {{- else -}} + {{- $allVerbs = append $allVerbs $action -}} + {{- end -}} +{{- end -}} +{{- $allVerbs | toJson -}} +{{- end -}} diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index 0021acb16..b6a9ac64e 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: app: {{ include "chart.deploymentName" $runner.name }} service: {{ include "chart.serviceName" $runner.name }} annotations: - config-hash: {{ $runner.config | toJson | sha256sum }} + config-hash: {{ $runner | toJson | sha256sum }} spec: serviceAccountName: {{ include "chart.serviceAccountName" $runner.name }} tolerations: diff --git a/charts/private-action-runner/templates/role.yaml b/charts/private-action-runner/templates/role.yaml index a32f58e8f..17e65e76e 100644 --- a/charts/private-action-runner/templates/role.yaml +++ b/charts/private-action-runner/templates/role.yaml @@ -5,5 +5,15 @@ kind: ClusterRole metadata: namespace: {{ $.Release.Namespace }} name: {{ include "chart.roleName" $runner.name }} -rules: {{ $runner.kubernetesPermissions | toJson }} +rules: +{{- if $runner.kubernetesPermissions }} +{{ $runner.kubernetesPermissions | toYaml }} +{{- end }} +{{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- if index $runner.kubernetesActions $resourceType }} + {{- include "rbacRule" (dict "apiGroup" (include "chart.k8sApiGroup" $bundle) "resource" (lower $resourceType) "verbs" (fromJsonArray (include "chart.k8sVerbs" (index $runner.kubernetesActions $resourceType))))}} + {{- end }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index 792f68919..63c1d70b5 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -26,6 +26,20 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} + {{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- range $verb := (index $runner.kubernetesActions $resourceType) }} + - com.datadoghq.kubernetes.{{ $bundle }}.{{ $verb }}{{ upper (substr 0 1 $resourceType)}}{{ substr 1 -1 (include "chart.k8sResourceSingular" $resourceType) }}{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end }} + {{- end }} + {{- if $runner.kubernetesActions }} + {{- if $runner.kubernetesActions.customObjects }} + {{- range $verb := index $runner.kubernetesActions.customObjects }} + - com.datadoghq.kubernetes.customresources.{{ $verb }}CustomObject{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end}} + {{- end}} {{- include "chart.credentialFiles" $ | indent 2 }} {{- include "chart.basicAuth" $ | indent 2 }} {{- include "chart.tokenAuth" $ | indent 2 }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index cea2568f3..4a767c14d 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -13,38 +13,14 @@ runners: - name: "default" # -- Number of pod instances for the Datadog Private Action Runner replicas: 1 - # -- List of Kubernetes permissions that the Datadog Private Action Runner has - kubernetesPermissions: - - apiGroups: - - "" - resources: - - "pods" - verbs: - - "list" - - "get" - # - "create" - # - "patch" - # - "update" - # - "delete" - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "list" - - "get" - # - "create" - # - "patch" - # - "update" - # - "delete" # -- Configuration for the Datadog Private Action Runner config: # -- Base URL of the Datadog app ddBaseURL: "https://app.datadoghq.com" # -- The runner's URN from the enrollment page - urn: "URN_FROM_CONFIG" + urn: "CHANGE_ME_URN_FROM_CONFIG" # -- The runner's privateKey from the enrollment page - privateKey: "PRIVATE_KEY_FROM_CONFIG" + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" # -- Modes that the runner can run in modes: - "workflowAutomation" @@ -52,63 +28,57 @@ runners: # -- Port for HTTP server liveness checks and App Builder mode port: 9016 # -- List of actions that the Datadog Private Action Runner is allowed to execute - actionsAllowlist: - - com.datadoghq.kubernetes.core.listPod - # you can also add from the following list - # - com.datadoghq.http.request - # - com.datadoghq.jenkins.buildJenkinsJob - # - com.datadoghq.jenkins.deleteJenkinsJob - # - com.datadoghq.jenkins.getJobStatus - # - com.datadoghq.kubernetes.apps.createDeployment - # - com.datadoghq.kubernetes.apps.getControllerRevision - # - com.datadoghq.kubernetes.apps.getDaemonSet - # - com.datadoghq.kubernetes.apps.getDeployment - # - com.datadoghq.kubernetes.apps.getReplicaSet - # - com.datadoghq.kubernetes.apps.getStatefulSet - # - com.datadoghq.kubernetes.apps.listControllerRevision - # - com.datadoghq.kubernetes.apps.listDaemonSet - # - com.datadoghq.kubernetes.apps.listDeployment - # - com.datadoghq.kubernetes.apps.listReplicaSet - # - com.datadoghq.kubernetes.apps.listStatefulSet - # - com.datadoghq.kubernetes.apps.restartDeployment - # - com.datadoghq.kubernetes.apps.updateDeployment - # - com.datadoghq.kubernetes.apps.updateReplicaSet - # - com.datadoghq.kubernetes.core.createNode - # - com.datadoghq.kubernetes.core.createPod - # - com.datadoghq.kubernetes.core.deleteMultiplePods - # - com.datadoghq.kubernetes.core.deletePod - # - com.datadoghq.kubernetes.core.getConfigMap - # - com.datadoghq.kubernetes.core.getEndpoints - # - com.datadoghq.kubernetes.core.getEvent - # - com.datadoghq.kubernetes.core.getLimitRange - # - com.datadoghq.kubernetes.core.getNamespace - # - com.datadoghq.kubernetes.core.getNode - # - com.datadoghq.kubernetes.core.getPersistentVolume - # - com.datadoghq.kubernetes.core.getPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.getPod - # - com.datadoghq.kubernetes.core.getPodTemplate - # - com.datadoghq.kubernetes.core.getReplicationController - # - com.datadoghq.kubernetes.core.getResourceQuota - # - com.datadoghq.kubernetes.core.getService - # - com.datadoghq.kubernetes.core.getServiceAccount - # - com.datadoghq.kubernetes.core.listConfigMap - # - com.datadoghq.kubernetes.core.listEndpoints - # - com.datadoghq.kubernetes.core.listEvent - # - com.datadoghq.kubernetes.core.listLimitRange - # - com.datadoghq.kubernetes.core.listNamespace - # - com.datadoghq.kubernetes.core.listNode - # - com.datadoghq.kubernetes.core.listPersistentVolume - # - com.datadoghq.kubernetes.core.listPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.listPodTemplate - # - com.datadoghq.kubernetes.core.listReplicationController - # - com.datadoghq.kubernetes.core.listResourceQuota - # - com.datadoghq.kubernetes.core.listService - # - com.datadoghq.kubernetes.core.listServiceAccount - # - com.datadoghq.kubernetes.core.updatePod - # - com.datadoghq.postgresql.select - # - com.datadoghq.temporal.getWorkflowResult - # - com.datadoghq.temporal.listWorkflows - # - com.datadoghq.temporal.runWorkflow + actionsAllowlist: [] + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + # -- Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + controllerRevisions: [] + # -- Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + daemonSets: [] + # -- Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") + deployments: [] + # -- Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicaSets: [] + # -- Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + statefulSets: [] + # -- Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + cronJobs: [] + # -- Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + configMaps: [] + # -- Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + endpoints: [] + # -- Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + events: [] + # -- Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + limitRanges: [] + # -- Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + namespaces: [] + # -- Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + nodes: [] + # -- Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumes: [] + # -- Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumeClaims: [] + # -- Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + pods: ["get", "list"] + # -- Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + podTemplates: [] + # -- Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicationControllers: [] + # -- Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + resourceQuotas: [] + # -- Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + services: [] + # -- Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + serviceAccounts: [] + # -- Actions related to customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + customResourceDefinitions: [] + # -- Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + jobs: [] + # -- Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. + customObjects: [] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) + kubernetesPermissions: [] # -- List of credential files to be used by the Datadog Private Action Runner credentialFiles: [] From 0f893ff650631bccc7726a8a168577761c592362 Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos <91925154+gabedos@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:39:56 -0400 Subject: [PATCH 126/209] [CONTP-277] Expose k8s resource labels as tags to configure tagger (#1534) --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +++- .../templates/_components-common-env.yaml | 8 +++++++ charts/datadog/values.yaml | 22 +++++++++++++++++++ 5 files changed, 39 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 31331df86..31166aad3 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.71.2 + +* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger + ## 3.71.1 * Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a7c4361f9..75bee51bb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.71.1 +version: 3.71.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a7641a317..c02553f1f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.71.1](https://img.shields.io/badge/Version-3.71.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.2](https://img.shields.io/badge/Version-3.71.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -750,6 +750,8 @@ helm install \ | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | +| datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | +| datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 3ef5bb8f4..95b8016d3 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -46,6 +46,14 @@ - name: DD_KUBERNETES_NAMESPACE_ANNOTATIONS_AS_TAGS value: '{{ toJson .Values.datadog.namespaceAnnotationsAsTags }}' {{- end }} +{{- if .Values.datadog.kubernetesResourcesLabelsAsTags }} +- name: DD_KUBERNETES_RESOURCES_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesLabelsAsTags }}' +{{- end}} +{{- if .Values.datadog.kubernetesResourcesAnnotationsAsTags }} +- name: DD_KUBERNETES_RESOURCES_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesAnnotationsAsTags }}' +{{- end}} - name: KUBERNETES value: "yes" {{- if .Values.datadog.site }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 720ecee6f..61e44ab83 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -254,6 +254,28 @@ datadog: # env: environment # : + # datadog.kubernetesResourcesLabelsAsTags -- Provide a mapping of Kubernetes Resources Labels to Datadog Tags + kubernetesResourcesLabelsAsTags: {} + # deployments.apps: + # x-team: team-from-label + # pods: + # x-ref: reference + # namespaces: + # kubernetes.io/metadata.name: name-as-tag + # : + # : + + # datadog.kubernetesResourcesAnnotationsAsTags -- Provide a mapping of Kubernetes Resources Annotations to Datadog Tags + kubernetesResourcesAnnotationsAsTags: {} + # deployments.apps: + # x-team: team-from-annotation + # pods: + # x-ann: annotation-reference + # namespaces: + # stale-annotation: annotation-as-tag + # : + # : + originDetectionUnified: # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). enabled: false From 928581cae6911695a72e92fd16ed59da1944335c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Tue, 24 Sep 2024 18:06:12 +0200 Subject: [PATCH 127/209] [datadog/datadog] Update Agent/cluster Agent to `7.57.2` (#1535) * update to 7.57.2 * fix conflict from main --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 31166aad3..358be8229 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.72.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. + ## 3.71.2 * Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 75bee51bb..3c92b8709 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.71.2 +version: 3.72.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c02553f1f..5febc2994 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.71.2](https://img.shields.io/badge/Version-3.71.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.72.0](https://img.shields.io/badge/Version-3.72.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.56.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.57.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.56.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.57.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.56.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.57.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 61e44ab83..112183e57 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -997,7 +997,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.56.2 + tag: 7.57.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1490,7 +1490,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.56.2 + tag: 7.57.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1996,7 +1996,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.56.2 + tag: 7.57.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 0010864c7dc73dca25558a3f25bd20f26967c3e4 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Tue, 24 Sep 2024 15:13:11 -0400 Subject: [PATCH 128/209] [CONTINT-4406] add helm option to filter kubernetes events (#1517) * Add config option for datadog.kubernetesEvents.filteringEnabled * Added CI test and updated documentation * Allow filtering and unbundle to bet set to false --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/ci/cluster-agent-values.yaml | 1 + charts/datadog/templates/_kubernetes_apiserver_config.yaml | 7 +++++-- charts/datadog/templates/cluster-agent-deployment.yaml | 2 +- charts/datadog/values.yaml | 2 ++ 7 files changed, 16 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 358be8229..b957845a9 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.72.1 + +* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. + ## 3.72.0 * Set default `Agent` and `Cluster-Agent` version to `7.57.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3c92b8709..33663741d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.72.0 +version: 3.72.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5febc2994..17b2ab9c4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.72.0](https://img.shields.io/badge/Version-3.72.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.72.1](https://img.shields.io/badge/Version-3.72.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -749,6 +749,7 @@ helm install \ | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | +| datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | diff --git a/charts/datadog/ci/cluster-agent-values.yaml b/charts/datadog/ci/cluster-agent-values.yaml index e51445d2b..ed84b4d0e 100644 --- a/charts/datadog/ci/cluster-agent-values.yaml +++ b/charts/datadog/ci/cluster-agent-values.yaml @@ -6,6 +6,7 @@ datadog: clusterChecks: enabled: true kubernetesEvents: + filteringEnabled: true unbundleEvents: true clusterTagger: collectKubernetesTags: true diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 0454838a2..208e21594 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,10 +1,13 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents -}} +{{- if .Values.datadog.collectEvents -}} kubernetes_apiserver.yaml: |- init_config: instances: - - unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index bc89c75b9..e63d4b57c 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -451,7 +451,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents }} +{{- if .Values.datadog.collectEvents }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 112183e57..1130d271f 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -391,6 +391,8 @@ datadog: # Configure Kubernetes events collection kubernetesEvents: + # datadog.kubernetesEvents.filteringEnabled -- Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). + filteringEnabled: false # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). unbundleEvents: false # datadog.kubernetesEvents.collectedEventTypes -- Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. From dbf0d50e17deedef0147a26ad2a8d15dfc279fd8 Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:19:58 +0200 Subject: [PATCH 129/209] Add Azure Container Registry (#1537) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/_helpers.tpl | 2 ++ charts/datadog/values.yaml | 3 ++- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b957845a9..2fd54654f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.73.0 + +* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. + ## 3.72.1 * Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 33663741d..239449a1a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.72.1 +version: 3.73.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 17b2ab9c4..e4af954ef 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.72.1](https://img.shields.io/badge/Version-3.72.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.73.0](https://img.shields.io/badge/Version-3.73.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -875,7 +875,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | -| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | +| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a67ce9c9b..2060ada51 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -295,6 +295,8 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq +{{- else if eq .datadog.site "us3.datadoghq.com" -}} +datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq {{- end -}} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1130d271f..f3b04cd53 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -18,12 +18,13 @@ targetSystem: "linux" commonLabels: {} # team_name: dev -# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) +# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) ## Currently we offer Datadog Agent images on: ## GCR US - use gcr.io/datadoghq ## GCR Europe - use eu.gcr.io/datadoghq ## GCR Asia - use asia.gcr.io/datadoghq +## Azure - use datadoghq.azurecr.io ## AWS - use public.ecr.aws/datadog ## DockerHub - use docker.io/datadog registry: # gcr.io/datadoghq From 9a12ba803e479b95251edfdd84855284f396fd15 Mon Sep 17 00:00:00 2001 From: Celene Date: Wed, 25 Sep 2024 15:06:47 -0400 Subject: [PATCH 130/209] fix tests (#1538) --- .github/workflows/ci.yaml | 2 + ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 16 +-- ...loyment_default_advanced_AC_injection.yaml | 16 +-- ...ployment_default_minimal_AC_injection.yaml | 18 +-- test/datadog/baseline/daemonset_default.yaml | 16 +-- test/datadog/baseline/other_default.yaml | 111 ++++++++++-------- test/datadog/process_agent_test.go | 10 +- 8 files changed, 108 insertions(+), 93 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a4f786a..71b9159ea 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,6 +4,8 @@ on: pull_request: paths: - "charts/**" + paths-ignore: + - 'test/**' jobs: changed: diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 4cf8b1f8e..a629e6ffe 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 898b7de0d59fe1803c9e99f2010332dae52edfc36ef050f7f77c7ab12b8709c5 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: e95c3aa09253f021e31a1ac5c7ee014e6454d2d5fee0482b0f253e12dab68afd + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a7858e1f3..57a30d06a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1e89899244fb44ae50129b361b512027fd59eeec723dc4e43ec8c54084de2f92 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: d786ae722980a2b7f91d4be2bf9eebfb9997a1fd85c3a0368c360cb060ed54fc + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -237,6 +237,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 32656490f..d6572693a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7991408bb52fa0f7419e6e11edf9a98b11a769fe9fd4574652c99d896a836f3a - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 146a7a7f2e304ae7637352cb1ecd1fd9b92739626753086c8a562b3a848904fa + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -251,6 +251,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 25417c0a1..a461cb056 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1c7f1ed04182e5250ad3cdd92f5e0549d68b792b85514efd1343d473b4b0ed31 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 5df33a65f728b7353527940691335906c2e2a4837cf2545fc465c3ccbdecb7cd + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.55.2 + value: 7.57.2 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -247,6 +247,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 4b877c588..0661feb0b 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: de542da9e3ea422b2ed413961187c1fe5bd28d1608c78a8bb16a4bc64b508e9b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 6b801cdee7b458f8dc8cf101150135babecf647416c222dcf109ae6517afefc4 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -202,7 +202,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -308,7 +308,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -405,7 +405,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -418,7 +418,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index cdb527639..202d88d15 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Y2NkeDBJRG50UWdHTlRiUWtIMTNRV2x2Wkk2VVA5VEE=" + token: "RmllNXRpbDNzWGNCeXpsVFpPOUU4ZXUzSVZncU1NeFA=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,6 +149,11 @@ data: {} annotations_as_tags: {} + kubernetes_apiserver.yaml: |- + init_config: + instances: + - filtering_enabled: false + unbundle_events: false --- # Source: datadog/templates/install_info-configmap.yaml apiVersion: v1 @@ -157,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.69.3 + installer_version: datadog-3.73.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "ea017c66-3746-4347-86ef-32a14ddda1c7" - install_time: "1723838680" + install_id: "eadedf6d-d365-4d8d-860f-93fcf8617956" + install_time: "1727279193" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +414,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +510,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +558,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +578,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +598,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +619,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +638,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +655,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +677,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +698,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +721,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +743,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +769,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +798,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +822,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 2eda47b55579b010297762c6bc060f2992f6c3663c187124b71071457e50321d - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: a73a414b38d45377a23c51d2dc231cae02e9fcc4eb937bfe7d692f0f989e1391 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -829,7 +834,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -990,7 +995,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1096,7 +1101,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1193,7 +1198,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1206,7 +1211,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: - bash @@ -1311,7 +1316,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1341,8 +1346,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: df513ccb46ac6f45f78030ba267aede6b25632a9d5beda28d8d1e3edf07a1601 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 76253444996a0411d5a94059333082990230f8818371b4c7b8493c5147e20108 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1350,7 +1355,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1362,7 +1367,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1375,7 +1380,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1502,7 +1507,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1532,15 +1537,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 61cab1de9ffa31fa392576b66b69e7fef5e5918ac8257f49fa119b96c0941f34 - checksum/clusteragent-configmap: 7d7437f233eef67301769d5141b59f31f12ac10c0354e17bf5ae9405058ea53b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 8d93968cf1fcd7528edb7c1d0667c1e200602d1dbcc33fbf7c7274cabc757ee1 + checksum/clusteragent-configmap: 65496f49f667006695458d448536cabbf214be02a08201234f491c7a3b50e1bd + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -1553,7 +1558,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -1733,6 +1738,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 941bf00a7..a9f16bc4d 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -236,12 +236,12 @@ func Test_processAgentConfigs(t *testing.T) { ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml" }, + Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "false", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "agents.image.doNotCheckTag": "true", "datadog.processAgent.processCollection": "true", }, }, From 9b2cda2c3330af8625e44b7f4342fadf61932592 Mon Sep 17 00:00:00 2001 From: Celene Date: Thu, 26 Sep 2024 09:05:38 -0400 Subject: [PATCH 131/209] [ci] rm paths-ignore from lint and test charts (#1539) --- .github/workflows/ci.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 71b9159ea..d6a4f786a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,8 +4,6 @@ on: pull_request: paths: - "charts/**" - paths-ignore: - - 'test/**' jobs: changed: From 655672b6579a64abe43b0202312a0a52ea1a5231 Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Thu, 26 Sep 2024 18:19:32 +0200 Subject: [PATCH 132/209] Tests for private action runner helm chart (#1532) * Revert "Remove tests as they are not actually testing" This reverts commit 04de79edda9fee6371cebd097bb10476ce4c3f22. * Use helm.DiffAgainstSnapshot for the snapshot test * Add github workflow for private-action-runner * Rename workflow * Remove change to datadog operator * Fix CI test configuration * Update tests * Bump go version for `datadog-operator` CI * Add flag parsing --------- Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- .github/CODEOWNERS | 1 + .../go-test-private-action-runner.yaml | 34 ++++ .github/workflows/go-test.yaml | 2 +- Makefile | 4 + test/.gitignore | 1 + test/go.mod | 47 +++-- test/go.sum | 125 ++++++++----- .../__snapshot__/default.yaml | 124 +++++++++++++ .../enable-kubernetes-actions.yaml | 168 ++++++++++++++++++ test/private-action-runner/baseline_test.go | 67 +++++++ test/private-action-runner/testmain_test.go | 13 ++ 11 files changed, 523 insertions(+), 63 deletions(-) create mode 100644 .github/workflows/go-test-private-action-runner.yaml create mode 100644 test/private-action-runner/__snapshot__/default.yaml create mode 100644 test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml create mode 100644 test/private-action-runner/baseline_test.go create mode 100644 test/private-action-runner/testmain_test.go diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 24d14b28a..88dcac83a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -18,3 +18,4 @@ charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @D charts/synthetics-private-location/ @Datadog/synthetics charts/observability-pipelines-worker @DataDog/observability-pipelines charts/private-action-runner @DataDog/action-platform +test/private-action-runner @DataDog/action-platform diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml new file mode 100644 index 000000000..a42811bde --- /dev/null +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -0,0 +1,34 @@ +name: Go Test Private Action Runner +on: + push: + paths: + - 'test/private-action-runner/**' + - 'charts/private-action-runner/**' + pull_request: + paths: + - 'test/private-action-runner/**' + - 'charts/private-action-runner/**' +env: + GO111MODULE: "on" + PROJECTNAME: "helm-charts" +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Set up Go + uses: actions/setup-go@v1 + with: + go-version: 1.21 + id: go + - name: Set up Helm + uses: azure/setup-helm@v3.5 + with: + version: v3.10.1 + - name: Add Datadog Helm repo + run: helm repo add datadog https://helm.datadoghq.com && helm repo update + - name: Check out code into the Go module directory + uses: actions/checkout@v1 + - name: run Go tests + run: | + helm dependency build ./charts/private-action-runner + make unit-test-private-action-runner diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 1b17bd990..8b83c292b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -18,7 +18,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: 1.20 + go-version: 1.21 id: go - name: Set up Helm uses: azure/setup-helm@v3.5 diff --git a/Makefile b/Makefile index ed8bc8441..493319bbe 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,10 @@ unit-test: unit-test-operator: go test -C test ./datadog-operator -count=1 +.PHONY: unit-test-private-action-runner +unit-test-private-action-runner: + go test -C test ./private-action-runner -count=1 + .PHONY: update-test-baselines update-test-baselines: go test -C test ./... -count=1 -args -updateBaselines=true diff --git a/test/.gitignore b/test/.gitignore index 22d0d82f8..9563de822 100644 --- a/test/.gitignore +++ b/test/.gitignore @@ -1 +1,2 @@ vendor +private-action-runner/*.yaml diff --git a/test/go.mod b/test/go.mod index ea7c8e545..a74f5e3ac 100644 --- a/test/go.mod +++ b/test/go.mod @@ -1,14 +1,14 @@ module github.com/DataDog/helm-charts/test -go 1.20 +go 1.21 require ( github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 - github.com/google/go-cmp v0.5.9 - github.com/gruntwork-io/terratest v0.43.0 + github.com/google/go-cmp v0.6.0 + github.com/gruntwork-io/terratest v0.46.16 github.com/pulumi/pulumi/sdk/v3 v3.99.0 - github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa + github.com/stretchr/testify v1.9.0 k8s.io/api v0.28.4 k8s.io/apiextensions-apiserver v0.23.5 k8s.io/apimachinery v0.28.4 @@ -17,10 +17,10 @@ require ( require ( dario.cat/mergo v1.0.0 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect - github.com/acomagu/bufpipe v1.0.4 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.2 // indirect @@ -51,7 +51,7 @@ require ( github.com/charmbracelet/bubbletea v0.24.2 // indirect github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/cheggaaa/pb v1.0.29 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect @@ -64,7 +64,7 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/go-git/go-git/v5 v5.9.0 // indirect + github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -74,14 +74,21 @@ require ( github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.5.0 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect - github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/gruntwork-io/go-commons v0.17.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/hcl/v2 v2.17.0 // indirect + github.com/homeport/dyff v1.6.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -92,13 +99,15 @@ require ( github.com/kr/fs v0.1.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect - github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mattn/go-zglob v0.0.3 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -132,8 +141,8 @@ require ( github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect github.com/samber/lo v1.38.1 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/skeema/knownhosts v1.2.0 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect + github.com/skeema/knownhosts v1.2.2 // indirect github.com/spf13/cast v1.5.1 // indirect github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect @@ -141,25 +150,27 @@ require ( github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - github.com/urfave/cli v1.22.2 // indirect + github.com/urfave/cli/v2 v2.10.3 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect github.com/zclconf/go-cty v1.13.2 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.17.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.19.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.15.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/grpc v1.59.0 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/test/go.sum b/test/go.sum index 3d02d06f4..6acda2f4d 100644 --- a/test/go.sum +++ b/test/go.sum @@ -49,12 +49,15 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 h1:iDRXnDeZ0EfAdRUuAqwEKtrBSq0WU2H0UGbFoNz35mk= github.com/DataDog/datadog-agent/test/new-e2e v0.50.2/go.mod h1:QB38Gm39iGOhs2wzGyZSIYIXUs3/BP+DjP/H6OJJu8A= github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 h1:X08p5axuFeIC+9UWyZukTQTvpP6YKcKxjjvB6i6NWyc= github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49/go.mod h1:PqwpYO1dh26TxKAY1TiiMLmmSxzytx3OrXtYl086m2c= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= +github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= @@ -66,13 +69,11 @@ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb0 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= +github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= -github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= @@ -87,6 +88,7 @@ github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4u github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= @@ -169,8 +171,9 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -190,7 +193,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= @@ -212,6 +214,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= @@ -231,11 +234,13 @@ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= @@ -245,8 +250,8 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= +github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= @@ -257,10 +262,11 @@ github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= -github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY= -github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -292,6 +298,7 @@ github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZp github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= @@ -337,6 +344,18 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= @@ -355,8 +374,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -375,7 +394,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -386,6 +406,7 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -397,10 +418,10 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= -github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= -github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= -github.com/gruntwork-io/terratest v0.43.0 h1:/ewxlYwd/HBralCt7P2bAhYM8hdkOiFJHrMz5XdlsSY= -github.com/gruntwork-io/terratest v0.43.0/go.mod h1:vZO4J6UW023NDvl1vI+twZk9r//+QEaNT6MfkheH7z0= +github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY= +github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE= +github.com/gruntwork-io/terratest v0.46.16 h1:l+HHuU7lNLwoAl2sP8zkYJy0uoE2Mwha2nw+rim+OhQ= +github.com/gruntwork-io/terratest v0.46.16/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -428,6 +449,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -479,6 +502,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -494,12 +518,14 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= @@ -514,9 +540,8 @@ github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.3 h1:6Ry4EYsScDyt5di4OI6xw1bYhOqfE5S33Z1OPy+d+To= +github.com/mattn/go-zglob v0.0.3/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -530,6 +555,8 @@ github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eI github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -566,13 +593,16 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= +github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= @@ -635,6 +665,7 @@ github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHt github.com/pulumi/pulumi-awsx/sdk v1.0.6 h1:oUan8VgA/pqEmbS2vXhh5Zbn7Lhs6yX5bPMzM03QuMI= github.com/pulumi/pulumi-awsx/sdk v1.0.6/go.mod h1:2H8uPHxZbfsIg9qr6yAfiIuvNnhBUqyhxw/8mXNLDFg= github.com/pulumi/pulumi-azure-native-sdk v1.104.0 h1:vyD4PvKSOkwL1z9WTis3ZE9XC73UM/7AyMNek4Vm1+E= +github.com/pulumi/pulumi-azure-native-sdk v1.104.0/go.mod h1:ZfkbJPR8poiJgy4IlNaa2NBjHLW37nsLY2BIbZp3lHc= github.com/pulumi/pulumi-command/sdk v0.9.2 h1:2siCFR8pS2sSwXkeWiLrprGEtBL54FsHTzdyl125UuI= github.com/pulumi/pulumi-command/sdk v0.9.2/go.mod h1:VeUXTI/iTgKVjRChRJbLRlBVGxAH+uymscfwzBC2VqY= github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1 h1:plWLn9O6u80Vr37LoCsckyobBfcrdTU9cERor72QjqA= @@ -676,8 +707,8 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPO github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= @@ -685,8 +716,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= -github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -719,8 +750,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -730,8 +762,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa h1:I9YHewamqSIcEG6rpRhgF9p79H0cOojefpiOH0pe0VY= -github.com/stretchr/testify v1.8.5-0.20231013065317-89920137cdfa/go.mod h1:LZ02lxBfF+JCTGmBu/SyjoaIlOF6u2nxMP788uhnZlI= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= @@ -747,8 +779,10 @@ github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6 github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= -github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli/v2 v2.10.3 h1:oi571Fxz5aHugfBAJd5nkwSk3fzATXtMlpxdLylSCMo= +github.com/urfave/cli/v2 v2.10.3/go.mod h1:f8iq5LtQ/bLxafbdBSLPPNsgaW0l/2fYYEHhAyPlwvo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= @@ -756,6 +790,8 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= +github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -825,8 +861,8 @@ golang.org/x/crypto v0.0.0-20220824171710-5757bc0c5503/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -925,8 +961,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1040,8 +1076,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1049,8 +1085,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1257,8 +1293,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1338,6 +1374,7 @@ lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.4.7/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA= +pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml new file mode 100644 index 000000000..32ac11b49 --- /dev/null +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -0,0 +1,124 @@ +--- +# Source: private-action-runner/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "private-action-runner-default-secrets" + namespace: datadog-agent +stringData: + config.yaml: | + ddBaseURL: https://app.datadoghq.com + urn: CHANGE_ME_URN_FROM_CONFIG + privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG + modes: + - workflowAutomation + - appBuilder + port: 9016 + actionsAllowlist: + - com.datadoghq.kubernetes.core.getPod + - com.datadoghq.kubernetes.core.listPod +--- +# Source: private-action-runner/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: datadog-agent + name: "private-action-runner-default-role" +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +--- +# Source: private-action-runner/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "private-action-runner-default-rolebinding" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "private-action-runner-default-role" +subjects: + - kind: ServiceAccount + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: "private-action-runner-default-service" + namespace: datadog-agent +spec: + selector: + service: "private-action-runner-default-service" + ports: + - name: http + port: 9016 + targetPort: 9016 +--- +# Source: private-action-runner/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "private-action-runner-default" + namespace: datadog-agent + labels: + service: "private-action-runner-default-service" + app: "private-action-runner-default" +spec: + minReadySeconds: 10 + replicas: 1 + selector: + matchLabels: + app: "private-action-runner-default" + template: + metadata: + labels: + app: "private-action-runner-default" + service: "private-action-runner-default-service" + annotations: + config-hash: 38d507cd658bf8dcb55de19e2b1f8adac892783287bbbc1c74c33303d420f41a + spec: + serviceAccountName: "private-action-runner-default-serviceaccount" + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + - name: MANAGED_BY + value: "helm" + volumes: + - name: secrets + secret: + secretName: "private-action-runner-default-secrets" \ No newline at end of file diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml new file mode 100644 index 000000000..1b553c9bd --- /dev/null +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -0,0 +1,168 @@ +--- +# Source: private-action-runner/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "private-action-runner-default-secrets" + namespace: datadog-agent +stringData: + config.yaml: | + ddBaseURL: https://app.datadoghq.com + urn: CHANGE_ME_URN_FROM_CONFIG + privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG + modes: + - workflowAutomation + - appBuilder + port: 9016 + actionsAllowlist: + - com.datadoghq.kubernetes.apps.getControllerRevision + - com.datadoghq.kubernetes.apps.listControllerRevision + - com.datadoghq.kubernetes.apps.createControllerRevision + - com.datadoghq.kubernetes.apps.updateControllerRevision + - com.datadoghq.kubernetes.apps.patchControllerRevision + - com.datadoghq.kubernetes.apps.deleteControllerRevision + - com.datadoghq.kubernetes.apps.deleteMultipleControllerRevisions + - com.datadoghq.kubernetes.apps.restartDeployment + - com.datadoghq.kubernetes.core.patchEndpoints + - com.datadoghq.kubernetes.core.getPod + - com.datadoghq.kubernetes.core.listPod + - com.datadoghq.kubernetes.customresources.deleteMultipleCustomObjects +--- +# Source: private-action-runner/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: datadog-agent + name: "private-action-runner-default-role" +rules: +- apiGroups: + - example.com + resources: + - tests + verbs: + - list + - get + - create + - patch + - update + - delete +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + verbs: + - patch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +--- +# Source: private-action-runner/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "private-action-runner-default-rolebinding" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "private-action-runner-default-role" +subjects: + - kind: ServiceAccount + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: "private-action-runner-default-service" + namespace: datadog-agent +spec: + selector: + service: "private-action-runner-default-service" + ports: + - name: http + port: 9016 + targetPort: 9016 +--- +# Source: private-action-runner/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "private-action-runner-default" + namespace: datadog-agent + labels: + service: "private-action-runner-default-service" + app: "private-action-runner-default" +spec: + minReadySeconds: 10 + replicas: 1 + selector: + matchLabels: + app: "private-action-runner-default" + template: + metadata: + labels: + app: "private-action-runner-default" + service: "private-action-runner-default-service" + annotations: + config-hash: bda02d4e95c0ab1a984e62d87be14d65768d938dc3ff2e59342961b37acf25fb + spec: + serviceAccountName: "private-action-runner-default-serviceaccount" + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + - name: MANAGED_BY + value: "helm" + volumes: + - name: secrets + secret: + secretName: "private-action-runner-default-secrets" \ No newline at end of file diff --git a/test/private-action-runner/baseline_test.go b/test/private-action-runner/baseline_test.go new file mode 100644 index 000000000..63937c1b0 --- /dev/null +++ b/test/private-action-runner/baseline_test.go @@ -0,0 +1,67 @@ +package private_action_runner + +import ( + "github.com/gruntwork-io/terratest/modules/helm" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" +) + +func Test_baseline_manifests(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + snapshotName string + assertions func(t *testing.T, manifest, snapshotName string) + }{ + { + name: "Private Action Runner default", + command: common.HelmCommand{ + ReleaseName: "private-action-runner", + ChartPath: "../../charts/private-action-runner", + Values: []string{"../../charts/private-action-runner/values.yaml"}, + Overrides: map[string]string{}, + }, + snapshotName: "default", + assertions: verifyPrivateActionRunner, + }, + { + name: "Enable kubernetes actions", + command: common.HelmCommand{ + ReleaseName: "private-action-runner", + ChartPath: "../../charts/private-action-runner", + Values: []string{"../../charts/private-action-runner/values.yaml"}, + Overrides: map[string]string{ + "runners[0].kubernetesActions.controllerRevisions": "{get,list,create,update,patch,delete,deleteMultiple}", + "runners[0].kubernetesActions.customObjects": "{deleteMultiple}", + "runners[0].kubernetesActions.deployments": "{restart}", + "runners[0].kubernetesActions.endpoints": "{patch}", + "runners[0].kubernetesPermissions[0].apiGroups": "{example.com}", + "runners[0].kubernetesPermissions[0].resources": "{tests}", + "runners[0].kubernetesPermissions[0].verbs": "{list,get,create,patch,update,delete}", + }, + }, + snapshotName: "enable-kubernetes-actions", + assertions: verifyPrivateActionRunner, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + t.Log("update baselines", common.UpdateBaselines) + if common.UpdateBaselines { + helm.UpdateSnapshot(t, &helm.Options{}, manifest, tt.snapshotName) + } + + tt.assertions(t, manifest, tt.snapshotName) + }) + } +} + +func verifyPrivateActionRunner(t *testing.T, manifest string, snapshotName string) { + diffCount := helm.DiffAgainstSnapshot(t, &helm.Options{}, manifest, snapshotName) + assert.Equal(t, 0, diffCount, "manifests are different") +} diff --git a/test/private-action-runner/testmain_test.go b/test/private-action-runner/testmain_test.go new file mode 100644 index 000000000..b2b5e13c1 --- /dev/null +++ b/test/private-action-runner/testmain_test.go @@ -0,0 +1,13 @@ +package private_action_runner + +import ( + "os" + "testing" + + "github.com/DataDog/helm-charts/test/common" +) + +func TestMain(m *testing.M) { + common.ParseArgs() + os.Exit(m.Run()) +} From 3a7fc083f6251427ea61a3e1c9751c123d340123 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 26 Sep 2024 15:41:47 -0400 Subject: [PATCH 133/209] add livenessProbe to values.yaml (#1526) * add livenessProbe to values.yaml * bump chart version, update changelog * ran helm-docs script .github/helm-docs.sh * add test to check livenessProbe * Update Operator_Deployment_default.yaml * remove unecessary requests * remove hardcoded httpget in values * remove configurability for liveness probe http get * update documentation * fix lint error * update livenessprobe with default k8s values * add defaults to values, override test case --------- Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog-operator/CHANGELOG.md | 4 ++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +- .../datadog-operator/templates/_helpers.tpl | 2 +- .../templates/deployment.yaml | 4 +- charts/datadog-operator/values.yaml | 9 ++++ .../baseline/Operator_Deployment_default.yaml | 2 +- .../operator_deployment_test.go | 48 ++++++++++++++++++- 8 files changed, 68 insertions(+), 6 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index be965afab..e631e2761 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.0.1 + +* Make Operator `livenessProbe` configurable. + ## 2.0.0 * Update Datadog Operator version to 1.8.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index a159fd44e..cdf2a498e 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.0.0 +version: 2.0.1 appVersion: 1.8.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index e0f076e0e..41bdc7883 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## Values @@ -34,6 +34,7 @@ | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | +| livenessProbe | object | `{"periodSeconds":10}` | Add default livenessProbe settings. HTTP GET is not configurable as it is hardcoded in the Operator. | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | | maximumGoroutines | string | `nil` | Override default goroutines threshold for the health check failure. | | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 6625f0cd3..695d66d0a 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -87,4 +87,4 @@ Check operator image tag version. {{- else -}} {{ "1.8.0" }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 333370722..28c9da80b 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -140,7 +140,9 @@ spec: httpGet: path: /healthz/ port: 8081 - periodSeconds: 10 + {{- if .Values.livenessProbe }} + {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 318f78227..6e8838726 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -176,3 +176,12 @@ volumeMounts: [] # - name: # mountPath: # readOnly: true + +# livenessProbe -- Add default livenessProbe settings. HTTP GET is not configurable as it is hardcoded in the Operator. +livenessProbe: + periodSeconds: 10 + # Example fields of livenessProbe that are also configurable: + # initialDelaySeconds: 15 + # timeoutSeconds: 1 + # successThreshold: 1 + # failureThreshold: 3 diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index c96e6030e..4e2bef0f7 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.0.0 + helm.sh/chart: datadog-operator-2.0.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.8.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index e34685157..c59bc2c7a 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -56,6 +56,34 @@ func Test_operator_chart(t *testing.T) { assertions: verifyAll, skipTest: SkipTest, }, + { + name: "livenessProbe is correctly configured", + command: common.HelmCommand{ + ReleaseName: "datadog-operator", + ChartPath: "../../charts/datadog-operator", + ShowOnly: []string{"templates/deployment.yaml"}, + Values: []string{"../../charts/datadog-operator/values.yaml"}, + Overrides: map[string]string{}, + }, + assertions: verifyLivenessProbe, + skipTest: SkipTest, + }, + { + name: "livenessProbe is correctly overriden", + command: common.HelmCommand{ + ReleaseName: "datadog-operator", + ChartPath: "../../charts/datadog-operator", + ShowOnly: []string{"templates/deployment.yaml"}, + Values: []string{"../../charts/datadog-operator/values.yaml"}, + Overrides: map[string]string{ + "livenessProbe.timeoutSeconds": "20", + "livenessProbe.periodSeconds": "20", + "livenessProbe.failureThreshold": "3", + }, + }, + assertions: verifyLivenessProbeOverride, + skipTest: SkipTest, + }, } for _, tt := range tests { @@ -73,7 +101,6 @@ func Test_operator_chart(t *testing.T) { func verifyDeployment(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) - assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) @@ -85,3 +112,22 @@ func verifyDeployment(t *testing.T, manifest string) { func verifyAll(t *testing.T, manifest string) { assert.True(t, manifest != "") } + +func verifyLivenessProbe(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) + operatorContainer := deployment.Spec.Template.Spec.Containers[0] + assert.Equal(t, "/healthz/", operatorContainer.LivenessProbe.HTTPGet.Path) +} + +func verifyLivenessProbeOverride(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) + operatorContainer := deployment.Spec.Template.Spec.Containers[0] + assert.Equal(t, "/healthz/", operatorContainer.LivenessProbe.HTTPGet.Path) + assert.Equal(t, int32(20), operatorContainer.LivenessProbe.PeriodSeconds) + assert.Equal(t, int32(20), operatorContainer.LivenessProbe.TimeoutSeconds) + assert.Equal(t, int32(3), operatorContainer.LivenessProbe.FailureThreshold) +} From 637472f105f42e8b444981ea2a38e955161c8e3a Mon Sep 17 00:00:00 2001 From: Andrii Kalinichenko Date: Mon, 30 Sep 2024 10:43:09 +0200 Subject: [PATCH 134/209] [s8s] Release Private Location 1.52 (#1542) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index a4c72d7f6..f907b10ef 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.3 + +* Update private location image version to `1.52.0`. + ## 0.17.2 * Update private location image version to `1.51.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index fdfd13df2..b98ebed0b 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.2 -appVersion: 1.51.0 +version: 0.17.3 +appVersion: 1.52.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 03bcd7a24..782849a0a 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.2](https://img.shields.io/badge/Version-0.17.2-informational?style=flat-square) ![AppVersion: 1.51.0](https://img.shields.io/badge/AppVersion-1.51.0-informational?style=flat-square) +![Version: 0.17.3](https://img.shields.io/badge/Version-0.17.3-informational?style=flat-square) ![AppVersion: 1.52.0](https://img.shields.io/badge/AppVersion-1.52.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.51.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.52.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index b2f912f40..e9f0c0c55 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.51.0 + tag: 1.52.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 080279926bbcfa9d387d843e10da26741362811c Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos <91925154+gabedos@users.noreply.github.com> Date: Fri, 4 Oct 2024 11:06:10 -0400 Subject: [PATCH 135/209] [CONTP-375] Adding RBACs for DCA to read resource annotations and labels for tagging (#1546) * Adding RBACs for DCA to read resource metadata for tagging * Changelog and version bump --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/cluster-agent-rbac.yaml | 59 ++++++++++++++++++- 4 files changed, 64 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 2fd54654f..8d7f92f4c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.73.1 + +* Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. + ## 3.73.0 * Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 239449a1a..9fec41038 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.73.0 +version: 3.73.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index e4af954ef..c52e82237 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.73.0](https://img.shields.io/badge/Version-3.73.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.73.1](https://img.shields.io/badge/Version-3.73.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index bcdd6e53e..2dfe66697 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -486,4 +486,61 @@ subjects: - kind: ServiceAccount name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} -{{- end -}} +{{- end}} + +{{- if or .Values.datadog.kubernetesResourcesAnnotationsAsTags .Values.datadog.kubernetesResourcesLabelsAsTags}} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags + namespace: {{ .Release.Namespace }} + +{{- $groupedResources := dict }} +{{- $mergedResources := merge (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- range $resource, $labels := $mergedResources }} + {{- $parts := split "." $resource }} + {{- $apiGroup := "" }} + {{- $resourceName := $resource }} + {{- if eq (len $parts) 2 }} + {{- $apiGroup = index $parts "_1" }} + {{- $resourceName = index $parts "_0" }} + {{- end }} + {{- $existing := index $groupedResources $apiGroup | default (list) }} + {{- $groupedResources = set $groupedResources $apiGroup (append $existing $resourceName) }} +{{- end }} + +rules: + +# Iterate through the apiGroups and create rules for each resource +{{- range $apiGroup, $resources := $groupedResources }} +- apiGroups: + - "{{ $apiGroup }}" + resources: + {{- range $resource := $resources }} + - {{ $resource }} + {{- end }} + verbs: + - get + - list + - watch +{{- end }} + +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end -}} \ No newline at end of file From 1049d7eeedfa4013fac74dc207b25bad4010d810 Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Mon, 7 Oct 2024 15:46:06 +0200 Subject: [PATCH 136/209] feat(datadog): add ValidatingWebhookConfigurations RBAC (#1508) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/cluster-agent-rbac.yaml | 2 ++ charts/datadog/values.yaml | 2 +- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8d7f92f4c..5f14b6461 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -2,6 +2,10 @@ ## 3.73.1 +* Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. + +## 3.73.1 + * Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. ## 3.73.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9fec41038..b1c9fec8f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.73.1 +version: 3.73.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c52e82237..1799954ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.73.1](https://img.shields.io/badge/Version-3.73.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.73.2](https://img.shields.io/badge/Version-3.73.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -566,7 +566,7 @@ helm install \ | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | | clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | | clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | -| clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the mutatingwebhookconfigurations created by the cluster-agent | +| clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent | | clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. | | clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | | clusterAgent.command | list | `[]` | Command to run in the Cluster Agent container as entrypoint | diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 2dfe66697..dd6c22cf3 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -245,6 +245,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - {{ .Values.clusterAgent.admissionController.webhookName | quote }} @@ -252,6 +253,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f3b04cd53..49e948aee 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1139,7 +1139,7 @@ clusterAgent: # clusterAgent.admissionController.enabled -- Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods enabled: true - # clusterAgent.admissionController.webhookName -- Name of the mutatingwebhookconfigurations created by the cluster-agent + # clusterAgent.admissionController.webhookName -- Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent webhookName: datadog-webhook # clusterAgent.admissionController.mutateUnlabelled -- Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' From a17cc4bf2b19c980014a7010edc3a9e2bd0d135c Mon Sep 17 00:00:00 2001 From: Yang Song Date: Tue, 8 Oct 2024 04:03:05 -0400 Subject: [PATCH 137/209] Fix a few typos on otel agent in values.yaml (#1490) Co-authored-by: krlv --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 12 ++++++------ charts/datadog/values.yaml | 10 +++++----- 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5f14b6461..987b77c91 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,6 +1,10 @@ # Datadog changelog -## 3.73.1 +## 3.73.3 + +* Fix a few typos on OTel Agent configs. + +## 3.73.2 * Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b1c9fec8f..c5bb5d951 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.73.2 +version: 3.73.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 1799954ea..5c578c07f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.73.2](https://img.shields.io/badge/Version-3.73.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.73.3](https://img.shields.io/badge/Version-3.73.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -471,12 +471,12 @@ helm install \ | agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers | | agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. | | agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers | -| agents.containers.otelAgent.env | list | `[]` | Additional environment variables for the trace-agent container | -| agents.containers.otelAgent.envDict | object | `{}` | Set environment variables specific to trace-agent defined in a dict | -| agents.containers.otelAgent.envFrom | list | `[]` | Set environment variables specific to trace-agent from configMaps and/or secrets | +| agents.containers.otelAgent.env | list | `[]` | Additional environment variables for the otel-agent container | +| agents.containers.otelAgent.envDict | object | `{}` | Set environment variables specific to otel-agent defined in a dict | +| agents.containers.otelAgent.envFrom | list | `[]` | Set environment variables specific to otel-agent from configMaps and/or secrets | | agents.containers.otelAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | -| agents.containers.otelAgent.resources | object | `{}` | Resource requests and limits for the trace-agent container | -| agents.containers.otelAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the trace-agent container. | +| agents.containers.otelAgent.resources | object | `{}` | Resource requests and limits for the otel-agent container | +| agents.containers.otelAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the otel-agent container. | | agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container | | agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict | | agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 49e948aee..559dff872 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1709,21 +1709,21 @@ agents: ports: [] otelAgent: - # agents.containers.otelAgent.env -- Additional environment variables for the trace-agent container + # agents.containers.otelAgent.env -- Additional environment variables for the otel-agent container env: [] - # agents.containers.otelAgent.envFrom -- Set environment variables specific to trace-agent from configMaps and/or secrets + # agents.containers.otelAgent.envFrom -- Set environment variables specific to otel-agent from configMaps and/or secrets envFrom: [] # - configMapRef: # name: # - secretRef: # name: - # agents.containers.otelAgent.envDict -- Set environment variables specific to trace-agent defined in a dict + # agents.containers.otelAgent.envDict -- Set environment variables specific to otel-agent defined in a dict envDict: {} # : - # agents.containers.otelAgent.resources -- Resource requests and limits for the trace-agent container + # agents.containers.otelAgent.resources -- Resource requests and limits for the otel-agent container resources: {} # requests: # cpu: 100m @@ -1732,7 +1732,7 @@ agents: # cpu: 100m # memory: 200Mi - # agents.containers.otelAgent.securityContext -- Allows you to overwrite the default container SecurityContext for the trace-agent container. + # agents.containers.otelAgent.securityContext -- Allows you to overwrite the default container SecurityContext for the otel-agent container. securityContext: {} # agents.containers.otelAgent.ports -- Allows to specify extra ports (hostPorts for instance) for this container From ffb4c2fe3fee8b9b18ae8cd8d92a3c7b1e90e63b Mon Sep 17 00:00:00 2001 From: Bruce Guenter Date: Tue, 8 Oct 2024 05:30:54 -0600 Subject: [PATCH 138/209] [observability-pipelines-worker] 2.2.0 release (#1549) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index ab4fb398f..5b0a92a21 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.0 + +* Official image `2.2.0` + ## 2.1.2 * Official image `2.1.2` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 1d399d9d9..0e4de305c 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.1.2" +version: "2.2.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.1.2" +appVersion: "2.2.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 5917c6f62..485509309 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.1.2](https://img.shields.io/badge/Version-2.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.1.2"` | Specify the image tag to use. | +| image.tag | string | `"2.2.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index a01b2b500..e4f84ec44 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.1.2 + tag: 2.2.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From bc3e46edef883d2d0dbca3b12320d8363362bb5d Mon Sep 17 00:00:00 2001 From: eugene kirillov <3404064+krlv@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:03:40 -0700 Subject: [PATCH 139/209] Simplify OTel Agent default pipelines (#1489) --- charts/datadog/CHANGELOG.md | 6 ++++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_otel_agent_config.yaml | 6 +----- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 987b77c91..59993f726 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,11 @@ # Datadog changelog +## 3.74.0 + +* Simplify OTel Agent OOTB pipelines: + * Remove `traces/otlp` pipeline from the default OTel Agent config + * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. + ## 3.73.3 * Fix a few typos on OTel Agent configs. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index c5bb5d951..e0084ef5d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.73.3 +version: 3.74.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5c578c07f..7a23224b2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.73.3](https://img.shields.io/badge/Version-3.73.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.0](https://img.shields.io/badge/Version-3.74.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_otel_agent_config.yaml b/charts/datadog/templates/_otel_agent_config.yaml index 6c455b21b..dd18d93c4 100644 --- a/charts/datadog/templates/_otel_agent_config.yaml +++ b/charts/datadog/templates/_otel_agent_config.yaml @@ -35,13 +35,9 @@ otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Valu service: pipelines: traces: - receivers: [otlp] - processors: [batch] - exporters: [datadog/connector] - traces/otlp: receivers: [otlp] processors: [infraattributes, batch] - exporters: [datadog] + exporters: [datadog, datadog/connector] metrics: receivers: [otlp, datadog/connector, prometheus] processors: [infraattributes, batch] From d284fc40ffcd050949518bbb4fc7fb4c497dfc7b Mon Sep 17 00:00:00 2001 From: Adel Haj Hassan <41540817+adel121@users.noreply.github.com> Date: Wed, 9 Oct 2024 15:05:37 +0200 Subject: [PATCH 140/209] [CONTP-431] embed components common env vars in clc runner (#1548) * embed components common env vars in clc runner * PR review - remove duplicate env vars in clc runner deployment --- charts/datadog/CHANGELOG.md | 4 +++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../templates/_components-common-env.yaml | 6 +--- .../templates/_containers-common-env.yaml | 1 + .../templates/_language_detection_env.yaml | 8 ++++++ .../agent-clusterchecks-deployment.yaml | 28 +------------------ .../templates/cluster-agent-deployment.yaml | 1 + 8 files changed, 18 insertions(+), 34 deletions(-) create mode 100644 charts/datadog/templates/_language_detection_env.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 59993f726..5841115ad 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.74.1 + +* Pass components env variables to the cluster checks runner deployment pod spec. + ## 3.74.0 * Simplify OTel Agent OOTB pipelines: diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e0084ef5d..ea5a84191 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.0 +version: 3.74.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7a23224b2..4bdf368ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.0](https://img.shields.io/badge/Version-3.74.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.1](https://img.shields.io/badge/Version-3.74.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 95b8016d3..0a58d9114 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -1,10 +1,6 @@ # The purpose of this template is to define a minimal set of environment -# variables shared between components: agent, cluster-agent +# variables shared between components: agent, cluster-agent and cluster checks runner {{- define "components-common-env" -}} -- name: DD_LANGUAGE_DETECTION_ENABLED - value: {{ include "language-detection-enabled" . | quote }} -- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: {{ include "language-detection-enabled" . | quote }} {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND value: {{ .Values.datadog.secretBackend.command | quote }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index dfb27ea2d..faa496348 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -13,6 +13,7 @@ value: {{ template "datadog.confPath" . }}/auth/token {{- end }} {{ include "components-common-env" . }} +{{ include "language-detection-common-env" . }} {{- if .Values.datadog.kubelet.host }} - name: DD_KUBERNETES_KUBELET_HOST {{ toYaml .Values.datadog.kubelet.host | indent 2 }} diff --git a/charts/datadog/templates/_language_detection_env.yaml b/charts/datadog/templates/_language_detection_env.yaml new file mode 100644 index 000000000..5ac676110 --- /dev/null +++ b/charts/datadog/templates/_language_detection_env.yaml @@ -0,0 +1,8 @@ +# The purpose of this template is to define a minimal set of environment +# variables to enable language detection +{{- define "language-detection-common-env" -}} +- name: DD_LANGUAGE_DETECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +{{- end -}} diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 1f0442c1b..07696c35b 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -125,33 +125,12 @@ spec: {{- end }} {{- end }} env: + {{- include "components-common-env" . | nindent 10 }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key - {{- if .Values.datadog.secretBackend.command }} - - name: DD_SECRET_BACKEND_COMMAND - value: {{ .Values.datadog.secretBackend.command | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.arguments }} - - name: DD_SECRET_BACKEND_ARGUMENTS - value: {{ .Values.datadog.secretBackend.arguments | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.timeout }} - - name: DD_SECRET_BACKEND_TIMEOUT - value: {{ .Values.datadog.secretBackend.timeout | quote }} - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.datadog.logLevel | quote }} @@ -192,11 +171,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if .Values.datadog.clusterName }} - {{- template "check-cluster-name" . }} - - name: DD_CLUSTER_NAME - value: {{ tpl .Values.datadog.clusterName . | quote }} - {{- end }} {{- include "provider-env" . | nindent 10 }} {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterChecksRunner.env | indent 10 }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index e63d4b57c..ad7a83531 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -170,6 +170,7 @@ spec: key: api-key optional: true {{- include "components-common-env" . | nindent 10 }} + {{- include "language-detection-common-env" . | nindent 10 }} {{- if .Values.clusterAgent.metricsProvider.enabled }} - name: DD_APP_KEY valueFrom: From e084c86c17c656f19c23788cf8facae4690e195f Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Wed, 9 Oct 2024 20:55:46 -0400 Subject: [PATCH 141/209] Update crds for operator v1.9.0 (#1554) --- charts/datadog-crds/CHANGELOG.md | 5 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 3 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 56 ++++ .../datadoghq.com_datadogdashboards_v1.yaml | 268 ++++++++++++++++++ .../datadoghq.com_datadogmonitors_v1.yaml | 12 +- charts/datadog-crds/update-crds.sh | 1 + charts/datadog-crds/values.yaml | 2 + crds/datadoghq.com_datadogagentprofiles.yaml | 56 ++++ crds/datadoghq.com_datadogdashboards.yaml | 261 +++++++++++++++++ crds/datadoghq.com_datadogmonitors.yaml | 12 +- 11 files changed, 668 insertions(+), 10 deletions(-) create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml create mode 100644 crds/datadoghq.com_datadogdashboards.yaml diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 23e68d1cf..ff96a6ce4 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 2.1.0 + +* Update CRDs from Datadog Operator v1.9.0 tag. +* Add DatadogDashboards CRD. + ## 2.0.0 * Update CRDs from Datadog Operator v1.8.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 95a8aefaf..e84be10f4 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.0.0 +version: 2.1.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 07cd7d0d2..7c6f76e88 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -24,6 +24,7 @@ But the recommended Kubernetes versions are `1.16+`. |-----|------|---------|-------------| | crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | +| crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboards CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | | crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 09f81c4e2..985391de5 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -250,7 +250,40 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object type: object + description: Override the default configurations of the node agent. type: object type: object profileAffinity: @@ -373,6 +406,29 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object currentHash: description: CurrentHash is the stored hash of the DatadogAgentProfile. type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml new file mode 100644 index 000000000..aa593079c --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml @@ -0,0 +1,268 @@ +{{- if and .Values.crds.datadogDashboards (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogdashboards.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index 10e050b87..dd9811dd8 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -132,6 +132,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -159,6 +160,7 @@ spec: description: MonitorRenotifyStatusType The different statuses for which renotification is supported. type: string type: array + x-kubernetes-list-type: set requireFullWindow: description: |- A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly @@ -278,9 +280,11 @@ spec: downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: @@ -301,14 +305,14 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string + monitorStateSyncStatus: + description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog + type: string primary: description: |- Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index d6c88cc67..457b77afd 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -59,3 +59,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors da download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogdashboards datadogDashboards v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 5f9ea8e3d..2b89e21f0 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -15,6 +15,8 @@ crds: datadogAgentProfiles: false # crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD datadogPodAutoscalers: false + # crds.datadogDashboards -- Set to true to deploy the DatadogDashboards CRD + datadogDashboards: false # nameOverride -- Override name of app nameOverride: "" diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index 9aab15bdd..c080a083f 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -244,7 +244,40 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object type: object + description: Override the default configurations of the node agent. type: object type: object profileAffinity: @@ -367,6 +400,29 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object currentHash: description: CurrentHash is the stored hash of the DatadogAgentProfile. type: string diff --git a/crds/datadoghq.com_datadogdashboards.yaml b/crds/datadoghq.com_datadogdashboards.yaml new file mode 100644 index 000000000..608dccf89 --- /dev/null +++ b/crds/datadoghq.com_datadogdashboards.yaml @@ -0,0 +1,261 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogdashboards.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 9245116e6..11c854954 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -126,6 +126,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -153,6 +154,7 @@ spec: description: MonitorRenotifyStatusType The different statuses for which renotification is supported. type: string type: array + x-kubernetes-list-type: set requireFullWindow: description: |- A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly @@ -272,9 +274,11 @@ spec: downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: @@ -295,14 +299,14 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string + monitorStateSyncStatus: + description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog + type: string primary: description: |- Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: From efa4d6629c240b545035bc80e05fbafaf83316c1 Mon Sep 17 00:00:00 2001 From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Thu, 10 Oct 2024 14:43:22 -0400 Subject: [PATCH 142/209] Update chart for operator v1.9.0 release (#1555) --- charts/datadog-operator/CHANGELOG.md | 5 +++ charts/datadog-operator/Chart.lock | 6 ++-- charts/datadog-operator/Chart.yaml | 6 ++-- charts/datadog-operator/README.md | 6 ++-- .../datadog-operator/templates/_helpers.tpl | 2 +- .../templates/clusterrole.yaml | 36 +++++++++++++++---- .../templates/deployment.yaml | 3 ++ charts/datadog-operator/values.yaml | 7 +++- .../baseline/DatadogAgent_CRD_default.yaml | 2 +- .../baseline/Operator_Deployment_default.yaml | 7 ++-- .../operator_deployment_test.go | 2 +- 11 files changed, 60 insertions(+), 22 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index e631e2761..2f6ee332c 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 2.1.0 + +* Update Datadog Operator version to 1.9.0. +* Add DatadogDashboard configuration. + ## 2.0.1 * Make Operator `livenessProbe` configurable. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 6fd0a13b2..b5c089010 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.0.0 -digest: sha256:39f4d700e87701398d61344f3f816586017a20396c07a4953a60da9c46edc74b -generated: "2024-08-16T15:47:01.022149-04:00" + version: 2.1.0 +digest: sha256:8f24ab33303f20421688b071b9fb028c0662795952298300ed4b9a060a4332ac +generated: "2024-10-10T12:48:27.526346-04:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index cdf2a498e..6577418a7 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.0.1 -appVersion: 1.8.0 +version: 2.1.0 +appVersion: 1.9.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.0.0" + version: "=2.1.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 41bdc7883..0bf92862f 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) ## Values @@ -17,10 +17,12 @@ | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | | datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | +| datadogCRDs.crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboard CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | | datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | +| datadogDashboard.enabled | bool | `false` | Enables the Datadog Dashboard controller | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | @@ -30,7 +32,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.8.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.9.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 695d66d0a..2ec94580f 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.8.0" }} +{{ "1.9.0" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 7dc6b54bb..1b90e330a 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -200,15 +200,9 @@ rules: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - validatingwebhookconfigurations verbs: - - list - - watch + - '*' - apiGroups: - apiextensions.k8s.io resources: @@ -772,5 +766,33 @@ rules: - patch - update {{- end }} +{{- if .Values.datadogDashboard.enabled }} +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards/finalizers + verbs: + - update +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards/status + verbs: + - get + - patch + - update +{{- end }} {{- end }} diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 28c9da80b..1bb1b1322 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -129,6 +129,9 @@ spec: {{- if (semverCompare ">=1.3.0" $version) }} - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" {{- end }} + {{- if (semverCompare ">=1.9.0-0" $version) }} + - "-datadogDashboardEnabled={{ .Values.datadogDashboard.enabled }}" + {{- end }} {{- if (semverCompare ">=1.7.0" $version) }} - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" {{- end }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 6e8838726..fbd4339e9 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.8.0 + tag: 1.9.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. @@ -84,6 +84,9 @@ secretBackend: datadogAgent: # datadogAgent.enabled -- Enables Datadog Agent controller enabled: true +datadogDashboard: + # datadogDashboard.enabled -- Enables the Datadog Dashboard controller + enabled: false datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false @@ -142,6 +145,8 @@ datadogCRDs: datadogMonitors: true # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false + # datadogCRDs.crds.datadogDashboards -- Set to true to deploy the DatadogDashboard CRD + datadogDashboards: false # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index d241a6bc6..22931c5af 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.0.0' + helm.sh/chart: 'datadogCRDs-2.1.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 4e2bef0f7..48ea073c0 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.0.1 + helm.sh/chart: datadog-operator-2.1.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.8.0" + app.kubernetes.io/version: "1.9.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.8.0" + image: "gcr.io/datadoghq/operator:1.9.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -59,6 +59,7 @@ spec: - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" + - "-datadogDashboardEnabled=false" - "-remoteConfigEnabled=false" ports: - name: metrics diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index c59bc2c7a..1bfa22777 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -104,7 +104,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.8.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.9.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } From bd3847a6f6e30b5be34373bab47e4e4ffc957e82 Mon Sep 17 00:00:00 2001 From: Ilya Rubnich Date: Fri, 11 Oct 2024 15:10:50 -0400 Subject: [PATCH 143/209] Bump PAR chart to 0.14.1 (#1556) * bump to 0.14.1 * bump actual version * readme update * fix manifest test --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 42983f45d..3549c9050 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.1 + +* Update private action image version to `v0.1.2-beta` + ## 0.14.0 * Add support for `kubernetesActions`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index f8fbc7e77..1e0232c5e 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.0 +version: 0.14.1 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 29b1e83fa..ee6671058 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.2-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index dbf98b61e..6fa83d3f3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 4a767c14d..231e783fd 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.1-beta + tag: v0.1.2-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 32ac11b49..bae87b7e3 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 1b553c9bd..08a3b48c9 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" imagePullPolicy: IfNotPresent ports: - name: http From d0bb674eaae43354c6377d64da3264d232628c03 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Mon, 14 Oct 2024 17:08:00 +0200 Subject: [PATCH 144/209] Mount /usr/lib/sysimage/rpm when using host SBOM feature (#1541) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Mount /usr/lib/sysimage/rpm when using host SBOM feature * Update charts/datadog/CHANGELOG.md Co-authored-by: Timothée Bavelier <97530782+tbavelier@users.noreply.github.com> --------- Co-authored-by: Timothée Bavelier <97530782+tbavelier@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 3 +++ charts/datadog/templates/_daemonset-volumes-linux.yaml | 3 +++ 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5841115ad..ebfa2746b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.74.2 + +* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). + ## 3.74.1 * Pass components env variables to the cluster checks runner deployment pod spec. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ea5a84191..6e737e242 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.1 +version: 3.74.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4bdf368ea..872ce5ad2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.1](https://img.shields.io/badge/Version-3.74.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.2](https://img.shields.io/badge/Version-3.74.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 90200d49e..6e735be61 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -291,6 +291,9 @@ - name: host-rpm-dir mountPath: /host/var/lib/rpm readOnly: true + - name: host-sysimage-rpm + mountPath: /host/usr/lib/sysimage/rpm + readOnly: true {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..fdcc72f70 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -162,6 +162,9 @@ - hostPath: path: /var/lib/rpm name: host-rpm-dir +- hostPath: + path: /usr/lib/sysimage/rpm + name: host-sysimage-rpm {{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} From a4e8dd21b2b5eaf650312de2e718028e8d44c8c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Tue, 15 Oct 2024 14:43:17 +0200 Subject: [PATCH 145/209] revert 1541 (#1559) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 3 --- charts/datadog/templates/_daemonset-volumes-linux.yaml | 3 --- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index ebfa2746b..67ccd515b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.74.3 + +* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. + ## 3.74.2 * Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6e737e242..0a7d77860 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.2 +version: 3.74.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 872ce5ad2..6a4406e63 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.2](https://img.shields.io/badge/Version-3.74.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.3](https://img.shields.io/badge/Version-3.74.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 6e735be61..90200d49e 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -291,9 +291,6 @@ - name: host-rpm-dir mountPath: /host/var/lib/rpm readOnly: true - - name: host-sysimage-rpm - mountPath: /host/usr/lib/sysimage/rpm - readOnly: true {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index fdcc72f70..39ce80f63 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -162,9 +162,6 @@ - hostPath: path: /var/lib/rpm name: host-rpm-dir -- hostPath: - path: /usr/lib/sysimage/rpm - name: host-sysimage-rpm {{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} From 14a4a9cfbedc6ea74ff01a5a4aa0257edaa9292d Mon Sep 17 00:00:00 2001 From: Mikhail Zholobov Date: Thu, 17 Oct 2024 09:51:04 +0200 Subject: [PATCH 146/209] fix: Move DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY outside of sidecar condition (#1515) Move DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY outside of sidecar condition --- charts/datadog/CHANGELOG.md | 3 +++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_ac-agent-sidecar-env.yaml | 8 -------- charts/datadog/templates/cluster-agent-deployment.yaml | 6 ++++++ 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 67ccd515b..781a83ac2 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,4 +1,7 @@ # Datadog changelog +## 3.73.4 + +* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. ## 3.74.3 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0a7d77860..0d3efaf09 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.3 +version: 3.74.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6a4406e63..8219b5a9d 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.3](https://img.shields.io/badge/Version-3.74.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.4](https://img.shields.io/badge/Version-3.74.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml index c25e783d7..0e9799d38 100644 --- a/charts/datadog/templates/_ac-agent-sidecar-env.yaml +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -14,14 +14,6 @@ value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} {{- end }} -{{- if .Values.clusterAgent.admissionController.containerRegistry }} -- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: {{ .Values.clusterAgent.admissionController.containerRegistry }} -{{- else if .Values.registry }} -- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: {{ .Values.registry }} -{{- end }} - {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index ad7a83531..6cf97d671 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -236,6 +236,12 @@ spec: - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + {{- if .Values.clusterAgent.admissionController.containerRegistry }} + value: {{ .Values.clusterAgent.admissionController.containerRegistry | quote }} + {{- else }} + value: {{ include "registry" .Values | quote }} + {{- end }} {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} From 4120c62ca4092aa55402d27c7978ad559acca3b9 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Thu, 17 Oct 2024 13:54:15 -0400 Subject: [PATCH 147/209] Added helm chart option to enable event source mapping (#1560) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added helm chart option to enable event source mapping * Remove "if" statement Co-authored-by: Lénaïc Huard * updated chart versions --------- Co-authored-by: Lénaïc Huard --- charts/datadog/CHANGELOG.md | 7 ++++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/cluster-agent-deployment.yaml | 2 ++ charts/datadog/values.yaml | 2 ++ 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 781a83ac2..c04e8897c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog -## 3.73.4 + +## 3.74.5 + +* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. + +## 3.74.4 * Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0d3efaf09..f75eded9b 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.4 +version: 3.74.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 8219b5a9d..1f3b3d35c 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.4](https://img.shields.io/badge/Version-3.74.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.5](https://img.shields.io/badge/Version-3.74.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -750,6 +750,7 @@ helm install \ | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | +| datadog.kubernetesEvents.sourceDetectionEnabled | bool | `false` | Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 6cf97d671..b82fbcc6a 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -308,6 +308,8 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 559dff872..bdea2d368 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -392,6 +392,8 @@ datadog: # Configure Kubernetes events collection kubernetesEvents: + # datadog.kubernetesEvents.sourceDetectionEnabled -- Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). + sourceDetectionEnabled: false # datadog.kubernetesEvents.filteringEnabled -- Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). filteringEnabled: false # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). From 7e7919933652eae6a1d4beaddab704b905eba39e Mon Sep 17 00:00:00 2001 From: Rafael Melo de Oliveira Date: Fri, 18 Oct 2024 11:53:12 +0200 Subject: [PATCH 148/209] Updates latest Synthetics Private Location version (#1563) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index f907b10ef..a8bc6cf18 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.4 + +* Update private location image version to `1.53.0`. + ## 0.17.3 * Update private location image version to `1.52.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index b98ebed0b..1effbb319 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.3 -appVersion: 1.52.0 +version: 0.17.4 +appVersion: 1.53.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 782849a0a..7ea53f254 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.3](https://img.shields.io/badge/Version-0.17.3-informational?style=flat-square) ![AppVersion: 1.52.0](https://img.shields.io/badge/AppVersion-1.52.0-informational?style=flat-square) +![Version: 0.17.4](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.52.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.53.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index e9f0c0c55..e1bb1e48c 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.52.0 + tag: 1.53.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 20dc50f43824701b50fcd0142952b85e1fcc024f Mon Sep 17 00:00:00 2001 From: aquiladayc <56868556+aquiladayc@users.noreply.github.com> Date: Mon, 21 Oct 2024 16:26:19 +0900 Subject: [PATCH 149/209] Fix system probe error message (#1562) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index c04e8897c..9cae1529d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.74.6 + +* Fix error message for when System Probe is enabled on GKE Autopilot + ## 3.74.5 * Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f75eded9b..5a096396a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.5 +version: 3.74.6 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 1f3b3d35c..a0967d257 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.5](https://img.shields.io/badge/Version-3.74.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.6](https://img.shields.io/badge/Version-3.74.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 9201c6a04..0633779d3 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -338,7 +338,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} {{- end }} From 3f3ea752bc6ae4155854f9a20c39a257a8658881 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Mon, 21 Oct 2024 17:31:31 -0400 Subject: [PATCH 150/209] Update versions in helm chart (#1568) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- ...gent-clusterchecks-deployment_default.yaml | 17 ++- .../cluster-agent-deployment_default.yaml | 23 +-- ...loyment_default_advanced_AC_injection.yaml | 23 +-- ...ployment_default_minimal_AC_injection.yaml | 25 ++-- test/datadog/baseline/daemonset_default.yaml | 36 +++-- test/datadog/baseline/other_default.yaml | 140 ++++++++++-------- 10 files changed, 160 insertions(+), 124 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9cae1529d..cb8c9f4de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.75.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. + ## 3.74.6 * Fix error message for when System Probe is enabled on GKE Autopilot diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 5a096396a..0c77605bd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.6 +version: 3.75.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a0967d257..723ec5103 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.6](https://img.shields.io/badge/Version-3.74.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.75.0](https://img.shields.io/badge/Version-3.75.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.58.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.57.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.58.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.58.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index bdea2d368..02f321c97 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1002,7 +1002,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.57.2 + tag: 7.58.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1495,7 +1495,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.58.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2001,7 +2001,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.58.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index a629e6ffe..b19661ebf 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: e95c3aa09253f021e31a1ac5c7ee014e6454d2d5fee0482b0f253e12dab68afd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: e662bb8d6708ee7d2bd21ce95572b12e19152da58e6c1640fbd706d505af5199 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,19 +70,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 57a30d06a..a65285c16 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d786ae722980a2b7f91d4be2bf9eebfb9997a1fd85c3a0368c360cb060ed54fc - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 5d58162fbaf3dc86cb8e4ed4166bcc1442b62c8592072a72f4a041568bd5d921 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED @@ -130,6 +133,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index d6572693a..624ab7979 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 146a7a7f2e304ae7637352cb1ecd1fd9b92739626753086c8a562b3a848904fa - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 4faaaae681309cfb4836e070a4b35e8a718a1b3c012ffb338d2ec7a3cf4036b1 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED @@ -144,6 +147,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a461cb056..386531be8 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5df33a65f728b7353527940691335906c2e2a4837cf2545fc465c3ccbdecb7cd - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 7f6c7c85263dcfa577b2dd96600808784265f650c52ee13f4814274fdae02eb4 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED @@ -119,7 +122,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.57.2 + value: 7.58.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -140,6 +143,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 0661feb0b..998659536 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 6b801cdee7b458f8dc8cf101150135babecf647416c222dcf109ae6517afefc4 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 83b5b1602b5e1169578e69dded647f78c781486cc5e8203a93bcd477148b6938 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -62,12 +62,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -202,7 +203,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -221,12 +222,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -308,7 +310,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -323,12 +325,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -405,7 +408,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -418,7 +421,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: - bash @@ -451,12 +454,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 202d88d15..07298dcf4 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "RmllNXRpbDNzWGNCeXpsVFpPOUU4ZXUzSVZncU1NeFA=" + token: "YjlvWkxFclduWHdiQVZJZzBSaGlXYnNVb084Y1BSdGY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.73.0 + installer_version: datadog-3.75.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "eadedf6d-d365-4d8d-860f-93fcf8617956" - install_time: "1727279193" + install_id: "bad5d0c4-f169-4c57-9bf3-2fbf5aa4c599" + install_time: "1729541004" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -384,6 +384,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - "datadog-webhook" @@ -391,6 +392,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] @@ -414,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -510,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -558,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -578,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -598,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -619,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -655,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -677,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -698,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -721,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -743,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -769,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -798,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -822,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: a73a414b38d45377a23c51d2dc231cae02e9fcc4eb937bfe7d692f0f989e1391 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: ee1bf541a249cd52955bc91b1fae0050212fe2bfd3894a84f616781f81362f03 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -834,7 +836,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -854,12 +856,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -995,7 +998,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1014,12 +1017,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1101,7 +1105,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1116,12 +1120,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1198,7 +1203,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1211,7 +1216,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: - bash @@ -1244,12 +1249,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1316,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1346,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 76253444996a0411d5a94059333082990230f8818371b4c7b8493c5147e20108 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: d72fa1bb77003ed410a9aa8ac706024226cff72df58b070689341cad09172740 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1355,7 +1361,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1367,7 +1373,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1380,19 +1386,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS @@ -1507,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1537,15 +1544,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 8d93968cf1fcd7528edb7c1d0667c1e200602d1dbcc33fbf7c7274cabc757ee1 - checksum/clusteragent-configmap: 65496f49f667006695458d448536cabbf214be02a08201234f491c7a3b50e1bd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 14f9bef25f860ee586f3e986281b05b2a38d96ec8e9a42efbce111d7e2d168ec + checksum/clusteragent-configmap: 81e504b930c13adb4bd74da0422bfa0306dba563ef9161b91f84bfe15da77266 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -1558,7 +1565,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -1585,12 +1592,13 @@ spec: name: "datadog-secret" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -1607,6 +1615,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED @@ -1631,6 +1641,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN From 3dc5c377cd05744a512b147d72a0b25e8631fca1 Mon Sep 17 00:00:00 2001 From: Will Yardley Date: Tue, 22 Oct 2024 02:04:02 -0700 Subject: [PATCH 151/209] ci: update Kube and test workflows (#1486) - Update Kubernetes versions and standardize across test matrices - Update helm-docs to v1.14.2 - Update actions/checkout to v4 in two workflows - Update helm/chart-testing-action to v2.6.1 - Update setup-helm action to 4.x (4.x is just for node version update) - Update helm/kind-action to v1.10.0 - Update kubeconform to v0.6.7 Co-authored-by: Cedric Lamoriniere --- .github/helm-docs.sh | 2 +- .github/kubeconform.sh | 2 +- .github/workflows/ci.yaml | 36 ++++++++++++++++++++++------------ .github/workflows/go-test.yaml | 25 +++++++++++------------ 4 files changed, 38 insertions(+), 27 deletions(-) diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh index 04ad473d7..03d901387 100755 --- a/.github/helm-docs.sh +++ b/.github/helm-docs.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -HELM_DOCS_VERSION="1.10.0" +HELM_DOCS_VERSION="1.14.2" OS=$(uname) ARCH=$(uname -m) diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh index 872c011d3..749da9719 100755 --- a/.github/kubeconform.sh +++ b/.github/kubeconform.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -KUBECONFORM_VERSION="v0.6.4" +KUBECONFORM_VERSION="v0.6.7" # https://github.com/yannh/kubeconform/issues/51 CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" # Remove after v1.16 support / testing is dropped diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a4f786a..ed86783d7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,7 +12,7 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm @@ -23,7 +23,7 @@ jobs: with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -47,14 +47,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-python@v4 with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -64,7 +64,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run helm-docs @@ -87,10 +87,15 @@ jobs: - v1.22.17 - v1.24.17 - v1.25.16 - - v1.26.13 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Add datadog helm repo @@ -114,17 +119,22 @@ jobs: matrix: k8s: - v1.18.20 - - v1.22.9 - - v1.24.2 + - v1.22.17 + - v1.24.17 - v1.25.16 - - v1.26.13 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@v1.10.0 with: node_image: kindest/node:${{ matrix.k8s }} config: .github/kind_config.yaml @@ -132,7 +142,7 @@ jobs: with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 8b83c292b..d4792b6c8 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -21,9 +21,9 @@ jobs: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@v4.2.0 with: - version: v3.10.1 + version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory @@ -42,21 +42,22 @@ jobs: k8s: - v1.16.15 - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.2 - - v1.26.6 - - v1.27.3 - - v1.28.7 - - v1.29.2 - - v1.30.0 + - v1.22.17 + - v1.24.17 + - v1.25.16 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.9 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@v1.10.0 with: node_image: kindest/node:${{ matrix.k8s }} cluster_name: operator-ci-${{ matrix.k8s }} From 0d8e6f64380a4692c488fbcca6ca51ccafcc95f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:32:44 +0200 Subject: [PATCH 152/209] Remove k8s 1.18.20 from testing matrix to fix CI (#1576) --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ed86783d7..04ed541b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -118,7 +118,8 @@ jobs: strategy: matrix: k8s: - - v1.18.20 + # TODO: `kind create cluster --config .github/kind_config.yaml --name chart-testing --wait 60s --image kindest/node:v1.18.20` fails + # - v1.18.20 - v1.22.17 - v1.24.17 - v1.25.16 From 4b12bb177fb17cffc863c97f568a25204ff5c05c Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Wed, 23 Oct 2024 14:49:00 +0200 Subject: [PATCH 153/209] Enable support for uncompressed layers by default (#1573) Co-authored-by: tbavelier <97530782+tbavelier@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 4 +++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index cb8c9f4de..aea696be7 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.0 + +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. + ## 3.75.0 * Set default `Agent` and `Cluster-Agent` version to `7.58.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0c77605bd..fd6a51a19 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.75.0 +version: 3.76.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 723ec5103..c8ad584a2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.75.0](https://img.shields.io/badge/Version-3.75.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.0](https://img.shields.io/badge/Version-3.76.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -799,7 +799,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | -| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 02f321c97..236d2eac4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -821,7 +821,9 @@ datadog: # This should be set to true when using EKS, GKE or if containerd is configured to # discard uncompressed layers. # This feature will cause the SYS_ADMIN capability to be added to the Agent container. - uncompressedLayersSupport: false + # Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. + # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers + uncompressedLayersSupport: true host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems From 799c9cd368e02293ca824d1d357414526c455fa2 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Wed, 23 Oct 2024 23:44:17 +0200 Subject: [PATCH 154/209] fix: re-introduce k8s 1.18 CI testing (#1579) * fix: re-introduce k8s 1.18 CI testing * fix also go-test.yaml github workflow --- .github/workflows/ci.yaml | 38 +++++++++++++++++----------- .github/workflows/go-test.yaml | 46 +++++++++++++++++++++------------- 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 04ed541b9..1c2cd57d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -117,27 +117,37 @@ jobs: - kubeconform-chart strategy: matrix: - k8s: - # TODO: `kind create cluster --config .github/kind_config.yaml --name chart-testing --wait 60s --image kindest/node:v1.18.20` fails - # - v1.18.20 - - v1.22.17 - - v1.24.17 - - v1.25.16 - - v1.26.15 - - v1.27.16 - - v1.28.13 - - v1.29.8 - - v1.30.4 - - v1.31.1 + versions: + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster + - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index d4792b6c8..3e8e2b1c5 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -39,28 +39,40 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - k8s: - - v1.16.15 - - v1.18.20 - - v1.22.17 - - v1.24.17 - - v1.25.16 - - v1.26.15 - - v1.27.16 - - v1.28.13 - - v1.29.9 - - v1.30.4 - - v1.31.1 + versions: + - k8s: v1.16.15 + kind: v0.15.0 + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster + - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} - cluster_name: operator-ci-${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s }} + cluster_name: operator-ci-${{ matrix.versions.k8s }} config: .github/kind_config.yaml - name: Add Cert Manager Helm repo run: helm repo add jetstack https://charts.jetstack.io && helm repo update @@ -70,8 +82,8 @@ jobs: env: API_KEY: ${{ secrets.GO_INTEG_TEST_API_KEY }} APP_KEY: ${{ secrets.GO_INTEG_TEST_APP_KEY }} - CLUSTER_NAME: operator-ci-${{ matrix.k8s }} - K8S_VERSION: ${{ matrix.k8s }} + CLUSTER_NAME: operator-ci-${{ matrix.versions.k8s }} + K8S_VERSION: ${{ matrix.versions.k8s }} run: | kubectl cluster-info kubectl get nodes From 9a8a37675cd4b8f2d2e4f320f7b8aa092b73d060 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Thu, 24 Oct 2024 16:14:12 +0200 Subject: [PATCH 155/209] Use uncompressedlayerssupport only if containerImage is enabled (#1585) * Use uncompressedlayerssupport only if containerImage is enabled * Simplify Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 6 +++--- charts/datadog/templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/daemonset.yaml | 2 +- 6 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index aea696be7..024d83657 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.1 + +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. + ## 3.76.0 * Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index fd6a51a19..92fc85c75 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.0 +version: 3.76.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c8ad584a2..cc38a32e0 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.0](https://img.shields.io/badge/Version-3.76.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.1](https://img.shields.io/badge/Version-3.76.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 90200d49e..e3e6f136b 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport)) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -177,7 +177,7 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} @@ -276,7 +276,7 @@ readOnly: true {{- end }} {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..0a114c0d5 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -147,7 +147,7 @@ path: / name: hostroot {{- end }} -{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - hostPath: path: /var/lib/containerd name: host-containerd-dir diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ba95268cf..36015b688 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.agents.podAnnotations }} From dcee9e6a25a47795c9a44fc342cc0c284560c8ac Mon Sep 17 00:00:00 2001 From: Dinesh Gurumurthy Date: Thu, 24 Oct 2024 11:12:32 -0400 Subject: [PATCH 156/209] Fix helm installation warnings (#1551) * Fix helm installation warnings * update Readme * Update Readme * Update Readme --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/NOTES.txt | 2 +- charts/datadog/values.yaml | 33 +++++++++++++++--------------- 5 files changed, 26 insertions(+), 20 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 024d83657..0dc803fe6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.76.2 + +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. + ## 3.76.1 * Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 92fc85c75..e2c60f4ef 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.1 +version: 3.76.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cc38a32e0..177aba494 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.1](https://img.shields.io/badge/Version-3.76.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.2](https://img.shields.io/badge/Version-3.76.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -774,7 +774,7 @@ helm install \ | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | -| datadog.otelCollector.config | object | `{}` | OTel collector configuration | +| datadog.otelCollector.config | string | `nil` | OTel collector configuration | | datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | | datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 0633779d3..e6002afba 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -605,5 +605,5 @@ OTel collector is not supported on GKE Autopilot. ################################################################# #### WARNING: Private Beta notice #### ################################################################# -OTel collector is in private beta. Please reach out to your Datadog representative for more information. +OTel collector is in preview. Please reach out to your Datadog representative for more information. {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 236d2eac4..8457d2e94 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -546,22 +546,6 @@ datadog: iast: # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster enabled: false - - ## OTel collector related configuration - otelCollector: - # datadog.otelCollector.enabled -- Enable the OTel Collector - enabled: false - # datadog.otelCollector.ports -- Ports that OTel Collector is listening - ports: - - # Default GRPC port of OTLP receiver - - containerPort: "4317" - name: otel-grpc - # Default HTTP port of OTLP receiver - - containerPort: "4318" - name: otel-http - # datadog.otelCollector.config -- OTel collector configuration - config: {} ## OTLP ingest related configuration otlp: receiver: @@ -586,6 +570,23 @@ datadog: logs: # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint enabled: false + ## OTel collector is currently in preview. Please reach out to your Datadog representative for more information. + ## OTLP Ingest is the GA feature for sending OTLP data to Datadog Agent. + ## OTel collector related configuration + otelCollector: + # datadog.otelCollector.enabled -- Enable the OTel Collector + enabled: false + # datadog.otelCollector.ports -- Ports that OTel Collector is listening + ports: + + # Default GRPC port of OTLP receiver + - containerPort: "4317" + name: otel-grpc + # Default HTTP port of OTLP receiver + - containerPort: "4318" + name: otel-http + # datadog.otelCollector.config -- OTel collector configuration + config: null ## Continuous Profiler configuration ## From c3482252398b724673dfa6262a4ec63a1ed91fec Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Fri, 25 Oct 2024 16:41:21 -0400 Subject: [PATCH 157/209] Bump runner version to v0.1.3-beta (#1587) * Bump runner version to v0.1.3-beta * retry with baseline update --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 3549c9050..c6c097505 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.2 + +* Update private action image version to `v0.1.3-beta` + ## 0.14.1 * Update private action image version to `v0.1.2-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 1e0232c5e..dc6d62015 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.1 +version: 0.14.2 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index ee6671058..a83db5d6b 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) +![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.2-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.3-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 6fa83d3f3..afd53a117 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) +![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 231e783fd..aae01fe22 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.2-beta + tag: v0.1.3-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index bae87b7e3..ad3f808ed 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 08a3b48c9..1ac8e21bf 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" imagePullPolicy: IfNotPresent ports: - name: http From e8333d514fc2f16d6c1beca73accf1a9ed1f9a11 Mon Sep 17 00:00:00 2001 From: Joachim Date: Tue, 29 Oct 2024 14:14:52 +0000 Subject: [PATCH 158/209] [dca] [rbac] Add RBAC rules allowing PDB collection (#1577) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/cluster-agent-rbac.yaml | 5 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- 10 files changed, 72 insertions(+), 67 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0dc803fe6..33027597f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.3 + +* Add `podisruptionbudgets` RBAC to the Cluster Agent. + ## 3.76.2 * Fix warning message displayed when installing/upgrading the Agent with OTel collector. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e2c60f4ef..326d8f105 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.2 +version: 3.76.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 177aba494..2de81418b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.2](https://img.shields.io/badge/Version-3.76.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.3](https://img.shields.io/badge/Version-3.76.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index dd6c22cf3..e02be2434 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -272,16 +272,17 @@ rules: - namespaces verbs: - list -{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - "policy" resources: + - poddisruptionbudgets + {{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - podsecuritypolicies + {{- end }} verbs: - get - list - watch -{{- end }} - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index b19661ebf..70f8ad537 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: e662bb8d6708ee7d2bd21ce95572b12e19152da58e6c1640fbd706d505af5199 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 46b1bd3e5501a2cfdd3d34f9f346042c26b3fcee8e32d95327c20a5101c1db66 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a65285c16..adfcdf968 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5d58162fbaf3dc86cb8e4ed4166bcc1442b62c8592072a72f4a041568bd5d921 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: cca640a4dc199e529b846e953a6d37e8080ab2aeb4791125777661712c161032 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 624ab7979..7974728c2 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4faaaae681309cfb4836e070a4b35e8a718a1b3c012ffb338d2ec7a3cf4036b1 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: 7761a2e69537a90814c4a56ca749333ab0c0a9c23ca77b27bd22d8c58ac75da2 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 386531be8..94bb3e583 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7f6c7c85263dcfa577b2dd96600808784265f650c52ee13f4814274fdae02eb4 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: 33dc54d9eba52c54cc95d41ac63222d92496535dd9905c88cadef49b1c994273 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 998659536..6f081c160 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 83b5b1602b5e1169578e69dded647f78c781486cc5e8203a93bcd477148b6938 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 961ab185a6d0f5b70b0e18b9c259c1ba532a15755b92a76561d20d95aac3787c + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 07298dcf4..50fcce917 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "YjlvWkxFclduWHdiQVZJZzBSaGlXYnNVb084Y1BSdGY=" + token: "ZDFCOWlKUnBzU0pDdTBWd3Azd05jb0MyRmdFVmhLazc=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.75.0 + installer_version: datadog-3.75.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "bad5d0c4-f169-4c57-9bf3-2fbf5aa4c599" - install_time: "1729541004" + install_id: "cf6e5120-49d5-4b2f-be9d-c98048e12dd5" + install_time: "1729688107" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: ee1bf541a249cd52955bc91b1fae0050212fe2bfd3894a84f616781f81362f03 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 16f78b0857551ecbe0b56ecfeff09fd304028ca6bc7d85c76cd570c1e358a1e1 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1322,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d72fa1bb77003ed410a9aa8ac706024226cff72df58b070689341cad09172740 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 0813165fbc88838d7f439a67c19f9763b02261cca6c1198511e016fb493693ef + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,9 +1544,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 14f9bef25f860ee586f3e986281b05b2a38d96ec8e9a42efbce111d7e2d168ec - checksum/clusteragent-configmap: 81e504b930c13adb4bd74da0422bfa0306dba563ef9161b91f84bfe15da77266 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 052652147b1153e4103954253b1024b9dd07c6f3ab5701c830f23fbf9522642f + checksum/clusteragent-configmap: 44f5f79f4dc291597183d81712b6beb73c2975ab3607e49f6e31c3290e5bef82 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 6b2cbbcd144297048120f1fb295feb794cdf89c1 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Tue, 29 Oct 2024 21:02:03 +0100 Subject: [PATCH 159/209] Add support for overlayfs direct scan for SBOMs (#1540) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use uncompressedlayerssupport only if containerImage is enabled * Add support for overlayfs direct scan for SBOMs * Mount docker directory to access container image mounts --------- Co-authored-by: Timothée Bavelier --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 17 +++++++++++++---- .../templates/_daemonset-volumes-linux.yaml | 3 +++ charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 +++ 7 files changed, 27 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 33027597f..beda40817 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.0 + +* Add experimental support for overlayfs direct scan for SBOMs + ## 3.76.3 * Add `podisruptionbudgets` RBAC to the Cluster Agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 326d8f105..86efc78eb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.3 +version: 3.77.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 2de81418b..b0d033ad9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.3](https://img.shields.io/badge/Version-3.76.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.0](https://img.shields.io/badge/Version-3.77.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -799,6 +799,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | +| datadog.sbom.containerImage.overlayFSDirectScan | bool | `false` | Use experimental overlayFS direct scan | | datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index e3e6f136b..5288da809 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport)) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") (and .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.datadog.sbom.containerImage.overlayFSDirectScan)))) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -177,11 +177,17 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if .Values.datadog.sbom.containerImage.overlayFSDirectScan }} + - name: DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN + value: "true" + {{- else }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} - + {{- end }} + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" @@ -276,10 +282,13 @@ readOnly: true {{- end }} {{- end }} - {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") (or .Values.datadog.sbom.containerImage.uncompressedLayersSupport .Values.datadog.sbom.containerImage.overlayFSDirectScan)}} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true + - name: host-docker-dir + mountPath: /host/var/lib/docker + readOnly: true {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: host-apk-dir diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 0a114c0d5..fe07cdc45 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -151,6 +151,9 @@ - hostPath: path: /var/lib/containerd name: host-containerd-dir +- hostPath: + path: /var/lib/docker + name: host-docker-dir {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - hostPath: diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 36015b688..ad4b959a2 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -73,7 +73,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 8457d2e94..34e158060 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -826,6 +826,9 @@ datadog: # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers uncompressedLayersSupport: true + # datadog.sbom.containerImage.overlayFSDirectScan -- Use experimental overlayFS direct scan + overlayFSDirectScan: false + host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems enabled: false From 5b33ead6854309dae457819927f2034909da54f4 Mon Sep 17 00:00:00 2001 From: Celene Date: Thu, 31 Oct 2024 13:13:30 -0400 Subject: [PATCH 160/209] Delete default configuration files from cluster checks runner (#1594) * add shell cmds to persist specified check conf.d directories on ccr pods * alternate solution to delete only default yaml files * bump chart --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/agent-clusterchecks-deployment.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index beda40817..556e46746 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.1 + +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. + ## 3.77.0 * Add experimental support for overlayfs direct scan for SBOMs diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 86efc78eb..d304475d8 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.0 +version: 3.77.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b0d033ad9..c7db99b0e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.0](https://img.shields.io/badge/Version-3.77.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.1](https://img.shields.io/badge/Version-3.77.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 07696c35b..d61c3237a 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -109,7 +109,7 @@ spec: image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterChecksRunner.image) }}" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} {{- if .Values.clusterChecksRunner.ports }} ports: From 9ffdecadff2bcb4ccd84d405a16b32b65f8e4389 Mon Sep 17 00:00:00 2001 From: ArunPiduguDD Date: Fri, 1 Nov 2024 10:20:53 -0400 Subject: [PATCH 161/209] Fix format of teams listed in github_team_restrictions (#1595) --- repository.datadog.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/repository.datadog.yml b/repository.datadog.yml index b49e10d17..814d38c3e 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -10,11 +10,11 @@ github_teams_restrictions: - container-helm-chart-maintainers - container-integrations - container-t2 - - Synthetics - - Documentation - - Observability Pipelines - - Telemetry and Analytics - - Vector + - synthetics + - documentation + - observability-pipelines + - telemetry-and-analytics + - vector github_users_restrictions: - cahillsf - clamoriniere From 66a31bc1edb51c9ed0c7c9fa7bd81fd3b1bb5bbf Mon Sep 17 00:00:00 2001 From: ArunPiduguDD Date: Fri, 1 Nov 2024 12:49:35 -0400 Subject: [PATCH 162/209] [observability-pipelines-worker] 2.2.1 release (#1593) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 5b0a92a21..aac9b3464 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.1 + +* Official image `2.2.1` + ## 2.2.0 * Official image `2.2.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 0e4de305c..757f49855 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.0" +version: "2.2.1" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.0" +appVersion: "2.2.1" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 485509309..a9e50e99e 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) +![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.0"` | Specify the image tag to use. | +| image.tag | string | `"2.2.1"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index e4f84ec44..566c7333e 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.0 + tag: 2.2.1 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From fd50dbe9a6359690d5231792bb5a929bdfe0a7b7 Mon Sep 17 00:00:00 2001 From: Joshua Lineaweaver Date: Fri, 1 Nov 2024 14:07:24 -0600 Subject: [PATCH 163/209] [Orch] Add additional permissions for operator to view CRDs (#1583) Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 ++- charts/datadog-operator/templates/clusterrole.yaml | 10 +++++++++- charts/datadog-operator/values.yaml | 6 ++++++ 5 files changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 2f6ee332c..c2e35c443 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.0 + +* Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer + ## 2.1.0 * Update Datadog Operator version to 1.9.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 6577418a7..307497bbd 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.1.0 +version: 2.2.0 appVersion: 1.9.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 0bf92862f..fe2b687ab 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) ## Values @@ -12,6 +12,7 @@ | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | +| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1b90e330a..1032e2aba 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -794,5 +794,13 @@ rules: - patch - update {{- end }} +{{- if .Values.clusterRole.allowReadAllResources }} +- apiGroups: + - '*' + resources: + - '*' + verbs: + - list + - watch +{{- end }} {{- end }} - diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index fbd4339e9..d445f9f8c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -190,3 +190,9 @@ livenessProbe: # timeoutSeconds: 1 # successThreshold: 1 # failureThreshold: 3 + +# clusterRole -- Set specific configuration for the cluster role +clusterRole: + # allowReadAllResources is required to allow the operator to view all custom resources. + # If collecting CRDs in the Kubernetes Explorer this is required + allowReadAllResources: false From d6f1eb63c5f83a2876d33bb44db60cbfc1ed5083 Mon Sep 17 00:00:00 2001 From: mrmcpat <109171317+mrdoggopat@users.noreply.github.com> Date: Tue, 5 Nov 2024 14:25:45 -0500 Subject: [PATCH 164/209] Add the ability to include security contexts in container level for cluster checks runners (#1598) * add security context in container level for cluster checks runners * small edit in changelog * move cluster check runner container security context to be adjactent to clusterChecksRunner.securityContext * Update charts/datadog/CHANGELOG.md Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +++- .../templates/agent-clusterchecks-deployment.yaml | 12 ++++++++++++ charts/datadog/values.yaml | 8 ++++++++ 5 files changed, 28 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 556e46746..8ddfa63ab 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.2 + +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. + ## 3.77.1 * Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d304475d8..79d9343fd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.1 +version: 3.77.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c7db99b0e..be23a59a7 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.1](https://img.shields.io/badge/Version-3.77.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.2](https://img.shields.io/badge/Version-3.77.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -629,6 +629,8 @@ helm install \ | clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container | | clusterChecksRunner.additionalLabels | object | `{}` | Adds labels to the cluster checks runner deployment and pods | | clusterChecksRunner.affinity | object | `{}` | Allow the ClusterChecks Deployment to schedule using affinity rules. | +| clusterChecksRunner.containers.agent.securityContext | object | `{}` | Specify securityContext on the agent container | +| clusterChecksRunner.containers.initContainers.securityContext | object | `{}` | Specify securityContext on the init containers | | clusterChecksRunner.createPodDisruptionBudget | bool | `false` | Create the pod disruption budget to apply to the cluster checks agents | | clusterChecksRunner.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's Deployment | | clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index d61c3237a..6ae0de1c5 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -78,6 +78,10 @@ spec: command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -90,6 +94,10 @@ spec: command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -177,6 +185,10 @@ spec: {{- include "additional-env-dict-entries" .Values.clusterChecksRunner.envDict | indent 10 }} resources: {{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} +{{- if .Values.clusterChecksRunner.containers.agent.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.agent.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: installinfo subPath: install_info diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 34e158060..d90c27fe1 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2218,6 +2218,14 @@ clusterChecksRunner: # clusterChecksRunner.securityContext -- Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. securityContext: {} + containers: + agent: + # clusterChecksRunner.containers.agent.securityContext -- Specify securityContext on the agent container + securityContext: {} + initContainers: + # clusterChecksRunner.containers.initContainers.securityContext -- Specify securityContext on the init containers + securityContext: {} + # clusterChecksRunner.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] From 3ffc983dce224f77874c2c30d6099451cdd152f1 Mon Sep 17 00:00:00 2001 From: Merchrist <99204620+merchristK@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:37:21 +0100 Subject: [PATCH 165/209] Bump runner version to v0.1.4-beta (#1597) * Bump runner version to v0.1.3-beta update changelog try with gcr lint test signed commit * update change log --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 4 ++-- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index c6c097505..89adc7088 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.3 + +* Add GitLab private actions and fix image repository link. + ## 0.14.2 * Update private action image version to `v0.1.3-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index dc6d62015..269eac221 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.2 +version: 0.14.3 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index a83db5d6b..af2b7bad5 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) +![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.3-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.4-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index afd53a117..061bb5ec3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) +![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index aae01fe22..b72ae56df 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -5,8 +5,8 @@ common: # -- Current Datadog Private Action Runner image image: - repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.3-beta + repository: gcr.io/datadoghq/private-action-runner + tag: v0.1.4-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index ad3f808ed..0ff7ed363 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 1ac8e21bf..c4d5a2779 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" imagePullPolicy: IfNotPresent ports: - name: http From 32f4d85016f60248f6d7f9933f14b8ae8785d040 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:06:09 -0500 Subject: [PATCH 166/209] Update version for datadog.processAgent.runInCoreAgent (#1591) --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +- charts/datadog/templates/_helpers.tpl | 4 +- charts/datadog/values.yaml | 2 +- test/datadog/process_agent_test.go | 80 ++++++++++++++++++++++++++- 6 files changed, 89 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8ddfa63ab..acaa9ee8e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.3 + +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. + ## 3.77.2 * Add the ability to include Security Contexts at the container level for Cluster Checks Runners. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 79d9343fd..132c9a61a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.2 +version: 3.77.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index be23a59a7..9c8483d80 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.2](https://img.shields.io/badge/Version-3.77.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.3](https://img.shields.io/badge/Version-3.77.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -792,7 +792,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 2060ada51..3b7b455a5 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -10,7 +10,7 @@ {{- $version = "6.55.1" -}} {{- end -}} {{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} -{{- $version = "7.55.1" -}} +{{- $version = "7.58.1" -}} {{- end -}} {{- $version -}} {{- end -}} @@ -971,7 +971,7 @@ Create RBACs for custom resources false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} - {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} true {{- else -}} false diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d90c27fe1..69a15bb47 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -685,7 +685,7 @@ datadog: processDiscovery: true # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. - ## This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. + ## This requires Agent 7.57.0+ and Linux. runInCoreAgent: false # datadog.processAgent.containerCollection -- Set this to true to enable container collection diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index a9f16bc4d..09c042e2b 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -19,6 +19,7 @@ const ( DDSystemProbeEnabled = "DD_SYSTEM_PROBE_ENABLED" DDNetworkMonitoringEnabled = "DD_SYSTEM_PROBE_NETWORK_ENABLED" DDOrchestratorEnabled = "DD_ORCHESTRATOR_EXPLORER_ENABLED" + DDLanguageDetectionEnabled = "DD_LANGUAGE_DETECTION_ENABLED" ) func Test_processAgentConfigs(t *testing.T) { @@ -247,6 +248,44 @@ func Test_processAgentConfigs(t *testing.T) { }, assertions: verifyLinuxRunInCoreAgent, }, + { + name: "language detection on process agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.56", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInProcessAgent, + }, + { + name: "language detection on core agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.57", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInCoreAgent, + }, } for _, tt := range tests { @@ -272,7 +311,7 @@ func verifyDaemonsetMinimal(t *testing.T, manifest string) { assert.True(t, ok) processEnvs := getEnvVarMap(processAgentContainer.Env) assertDefaultCommonProcessEnvs(t, processEnvs) - assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } @@ -309,6 +348,45 @@ func verifyLinuxRunInCoreAgent(t *testing.T, manifest string) { assert.False(t, ok) } +func verifyLanguageDetectionInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyLanguageDetectionInProcessAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assert.Equal(t, "true", processEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", processEnvs[DDStripProcessArgs]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + func verifyChecksOff(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) From af0e75fad9327b30064a244061550f64ad2b986d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Fri, 8 Nov 2024 07:57:58 +0100 Subject: [PATCH 167/209] [datadog] Update agents to 7.59.0 (#1600) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 14 +-- .../cluster-agent-deployment_default.yaml | 14 +-- ...loyment_default_advanced_AC_injection.yaml | 14 +-- ...ployment_default_minimal_AC_injection.yaml | 16 +-- test/datadog/baseline/daemonset_default.yaml | 16 +-- test/datadog/baseline/other_default.yaml | 106 +++++++++--------- 11 files changed, 103 insertions(+), 99 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index acaa9ee8e..9f81f85de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.78.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. + ## 3.77.3 * Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 132c9a61a..a35ac09d1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.3 +version: 3.78.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 9c8483d80..0e927ad0f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.3](https://img.shields.io/badge/Version-3.77.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.58.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.58.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -644,7 +644,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.58.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 69a15bb47..1c1c9baf8 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1008,7 +1008,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.58.0 + tag: 7.59.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1501,7 +1501,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.58.0 + tag: 7.59.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2007,7 +2007,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.58.0 + tag: 7.59.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 48ea073c0..1c051983d 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.1.0 + helm.sh/chart: datadog-operator-2.2.0 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.9.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 70f8ad537..f9bb6d560 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 46b1bd3e5501a2cfdd3d34f9f346042c26b3fcee8e32d95327c20a5101c1db66 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 12bf793564e44ccbda0cb741eff765654dd1f980807df8c9e1c48fa5843f977f + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,10 +70,10 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index adfcdf968..f7b464038 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cca640a4dc199e529b846e953a6d37e8080ab2aeb4791125777661712c161032 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 0bdd826ca5a082af0fb3b706904748841535d6e49e5c19fa1c1927e46e2be582 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 7974728c2..f0b7b256b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7761a2e69537a90814c4a56ca749333ab0c0a9c23ca77b27bd22d8c58ac75da2 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: d767ed339a25dd96716bdb33b78df8bea9dea12ab0e51a9421565ffd7c52d4c0 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 94bb3e583..08252684e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 33dc54d9eba52c54cc95d41ac63222d92496535dd9905c88cadef49b1c994273 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 4682112f5ddc3bb51df45fdecab40e75d8b78b7b0833a7ebddf16ab19ebd6c79 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -122,7 +122,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.58.0 + value: 7.59.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 6f081c160..38eef8f95 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 961ab185a6d0f5b70b0e18b9c259c1ba532a15755b92a76561d20d95aac3787c - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 762520458d6f8835baa01ed6151bb362d62ec396986f8d899953f5e024eee49f + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -203,7 +203,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -310,7 +310,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -408,7 +408,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -421,7 +421,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 50fcce917..2f9e7ad72 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "ZDFCOWlKUnBzU0pDdTBWd3Azd05jb0MyRmdFVmhLazc=" + token: "RzQyblZwc0FvQktmQWZ1Tjd0U2JOTXY2bjJLc2t3bDY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.75.1 + installer_version: datadog-3.78.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "cf6e5120-49d5-4b2f-be9d-c98048e12dd5" - install_time: "1729688107" + install_id: "d92824a1-17ef-4aee-96a4-bf062385f9f0" + install_time: "1731003623" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 16f78b0857551ecbe0b56ecfeff09fd304028ca6bc7d85c76cd570c1e358a1e1 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 281e9c642e38fdc87dbb9adff6e16d22ee1f00ce74199251d8238b75887d1b5e + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -836,7 +836,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -998,7 +998,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1105,7 +1105,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1203,7 +1203,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1216,7 +1216,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash @@ -1322,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0813165fbc88838d7f439a67c19f9763b02261cca6c1198511e016fb493693ef - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 9dc1bb1f1d2debb518a000d9d7c0ffd146eb8c0253808aba90baa2dc19ba4bd7 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1361,7 +1361,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1373,7 +1373,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1386,10 +1386,10 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: @@ -1514,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,15 +1544,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 052652147b1153e4103954253b1024b9dd07c6f3ab5701c830f23fbf9522642f - checksum/clusteragent-configmap: 44f5f79f4dc291597183d81712b6beb73c2975ab3607e49f6e31c3290e5bef82 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 471db296e9108084aa91ff95cf06232bd3ee8b371310b338d8ba217d4e50ff15 + checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -1565,7 +1565,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} From b6f5372ea830365d5024503ec640b7c6f7ed7425 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 8 Nov 2024 12:14:28 -0500 Subject: [PATCH 168/209] [datadog-crds] Update CRDs from Datadog Operator v1.10.0 tag (#1601) --- charts/datadog-crds/CHANGELOG.md | 4 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- .../datadoghq.com_datadogagents_v1.yaml | 163 ++++++++++++++++++ crds/datadoghq.com_datadogagents.yaml | 163 ++++++++++++++++++ 5 files changed, 332 insertions(+), 2 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index ff96a6ce4..39f9e8402 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +# 2.2.0 + +* Update CRDs from Datadog Operator v1.10.0 tag. + ## 2.1.0 * Update CRDs from Datadog Operator v1.9.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index e84be10f4..f4e6c9763 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.1.0 +version: 2.2.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 7c6f76e88..851d16f49 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index a0c10a59a..5359f9b03 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index d3c0cf280..b8a5b538c 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -695,6 +695,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -702,6 +710,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -845,6 +861,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1000,6 +1083,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1070,6 +1165,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1969,6 +2089,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2131,6 +2274,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3717,6 +3864,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3724,6 +3879,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object From 4e19b9111f4672fc1cb0c90d4b131cf876156948 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Fri, 8 Nov 2024 12:28:13 -0500 Subject: [PATCH 169/209] Configure Github workflow and job level permissions (#1602) * Configure Github workflow and job level permissions * force CI run * Revert "force CI run" This reverts commit ab704769402a4f95d671b659a2e9a5a55c9861dc. --- .github/workflows/ci.yaml | 5 +++++ .github/workflows/go-test-private-action-runner.yaml | 6 ++++++ .github/workflows/go-test.yaml | 6 ++++++ .github/workflows/pr-labeler.yaml | 7 +++++++ .github/workflows/release.yaml | 5 +++++ 5 files changed, 29 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1c2cd57d0..bbce00ed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,11 @@ on: paths: - "charts/**" +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: changed: runs-on: ubuntu-latest diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index a42811bde..dc26fd575 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/private-action-runner/**' - 'charts/private-action-runner/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 3e8e2b1c5..739a20b1b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/datadog-operator/**' - 'charts/datadog-operator/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index f1d36ed3d..ff711a73d 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -4,10 +4,17 @@ on: branches: - main +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: label: name: Add label for PRs runs-on: ubuntu-latest + permissions: + pull-requests: write timeout-minutes: 5 steps: - uses: actions/labeler@v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bb531756f..e33b3d11f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,14 @@ on: paths: - 'charts/**' +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + # https://github.com/helm/chart-releaser-action + contents: write steps: - name: Checkout uses: actions/checkout@v3 From db5854c7ae065a6caf451709f914e8a2a7fce09a Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 8 Nov 2024 14:58:28 -0500 Subject: [PATCH 170/209] update operator version to 1.10.0 (#1603) --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 4 +- .../datadog-operator/templates/_helpers.tpl | 2 +- charts/datadog-operator/values.yaml | 2 +- .../baseline/DatadogAgent_CRD_default.yaml | 165 +++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 6 +- .../operator_deployment_test.go | 2 +- ...gent-clusterchecks-deployment_default.yaml | 2 +- .../cluster-agent-deployment_default.yaml | 2 +- ...loyment_default_advanced_AC_injection.yaml | 2 +- ...ployment_default_minimal_AC_injection.yaml | 2 +- test/datadog/baseline/daemonset_default.yaml | 2 +- test/datadog/baseline/other_default.yaml | 12 +- 15 files changed, 193 insertions(+), 26 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index c2e35c443..773a75e11 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.3.0 + +* Update Datadog Operator version to 1.10.0. + ## 2.2.0 * Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index b5c089010..41fd2ccbd 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.1.0 -digest: sha256:8f24ab33303f20421688b071b9fb028c0662795952298300ed4b9a060a4332ac -generated: "2024-10-10T12:48:27.526346-04:00" + version: 2.2.0 +digest: sha256:42b9b7296f565f17f11adea26fa8cb003c0f01551a84793873a3ae6c73efedc2 +generated: "2024-11-08T14:03:54.721912-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 307497bbd..c9e85b586 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.2.0 -appVersion: 1.9.0 +version: 2.3.0 +appVersion: 1.10.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.1.0" + version: "=2.2.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index fe2b687ab..532eb73ce 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) ## Values @@ -33,7 +33,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.9.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.10.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 2ec94580f..afc48dc57 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.9.0" }} +{{ "1.10.0" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index d445f9f8c..3558679f4 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.9.0 + tag: 1.10.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 22931c5af..2b46bb5d6 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.1.0' + helm.sh/chart: 'datadogCRDs-2.2.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 1c051983d..cd52a9683 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.2.0 + helm.sh/chart: datadog-operator-2.3.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.9.0" + app.kubernetes.io/version: "1.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.9.0" + image: "gcr.io/datadoghq/operator:1.10.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 1bfa22777..d97cad2a5 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -104,7 +104,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.9.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.10.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f9bb6d560..d920f7a94 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 12bf793564e44ccbda0cb741eff765654dd1f980807df8c9e1c48fa5843f977f + checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index f7b464038..6319408cb 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 0bdd826ca5a082af0fb3b706904748841535d6e49e5c19fa1c1927e46e2be582 + checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index f0b7b256b..772799b96 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d767ed339a25dd96716bdb33b78df8bea9dea12ab0e51a9421565ffd7c52d4c0 + checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 08252684e..5edd494e5 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4682112f5ddc3bb51df45fdecab40e75d8b78b7b0833a7ebddf16ab19ebd6c79 + checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 38eef8f95..fcc8a00b5 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 762520458d6f8835baa01ed6151bb362d62ec396986f8d899953f5e024eee49f + checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 2f9e7ad72..151d23cce 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "RzQyblZwc0FvQktmQWZ1Tjd0U2JOTXY2bjJLc2t3bDY=" + token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -191,8 +191,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "d92824a1-17ef-4aee-96a4-bf062385f9f0" - install_time: "1731003623" + install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" + install_time: "1731094912" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -824,7 +824,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 281e9c642e38fdc87dbb9adff6e16d22ee1f00ce74199251d8238b75887d1b5e + checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1352,7 +1352,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 9dc1bb1f1d2debb518a000d9d7c0ffd146eb8c0253808aba90baa2dc19ba4bd7 + checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -1544,7 +1544,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 471db296e9108084aa91ff95cf06232bd3ee8b371310b338d8ba217d4e50ff15 + checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: From 6db36e96d98cc04096dfbcb30b4982155997c0c6 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 11 Nov 2024 17:53:26 -0500 Subject: [PATCH 171/209] Add providers.gke.gdc option to datadog chart (#1521) * wip * add providers.gke.gdc option to datadog chart * update test baselines * syntax fix * add back logs hostPaths * cleanup/wip * fixes, add test, update baselines * fix dd_nodename * fix test, bump version, update baselines * update readme, fix test * cleanup/refactor * apply review suggestions * bump chart version and update baselines/docs * remove redundant template --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 +- charts/datadog/ci/gke-gdc-values.yaml | 20 ++ .../templates/_components-common-env.yaml | 6 + .../datadog/templates/_container-agent.yaml | 10 +- .../_container-cri-volumemounts.yaml | 2 +- .../_container-host-release-volumemounts.yaml | 2 + .../templates/_container-trace-agent.yaml | 4 +- .../templates/_containers-common-env.yaml | 11 +- .../templates/_containers-init-linux.yaml | 12 +- .../templates/_daemonset-volumes-linux.yaml | 31 +- .../templates/_daemonset-volumes-windows.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 57 +++- .../templates/_processes-common-env.yaml | 4 +- charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 + ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 25 +- .../baseline/gdc_daemonset_default.yaml | 280 ++++++++++++++++ .../gdc_daemonset_logs_collection.yaml | 301 ++++++++++++++++++ test/datadog/baseline/other_default.yaml | 103 +++--- test/datadog/baseline_test.go | 36 +++ test/datadog/gdc_test.go | 90 ++++++ 27 files changed, 920 insertions(+), 126 deletions(-) create mode 100644 charts/datadog/ci/gke-gdc-values.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_default.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/gdc_test.go diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9f81f85de..80dc04b8d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + ## 3.78.0 * Set default `Agent` and `Cluster-Agent` version to `7.59.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a35ac09d1..5f4f70b25 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.78.0 +version: 3.79.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0e927ad0f..3ad8260ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -879,6 +879,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null +++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 0a58d9114..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -64,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 5288da809..5219db7ed 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -121,7 +121,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -237,6 +237,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -262,6 +263,7 @@ mountPath: /etc/passwd readOnly: true {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -275,7 +277,7 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -338,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..b775b7953 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,4 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -9,3 +10,4 @@ readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index c14094a09..66130e2f1 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -99,6 +99,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index faa496348..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -30,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE @@ -116,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 089555505..fd0636250 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index fe07cdc45..de1e13924 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -183,6 +184,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs @@ -193,15 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 3b7b455a5..3a3eeced0 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -110,7 +110,7 @@ Create chart name and version as used by the chart label. Return true if the OTelAgent needs to be deployed */}} {{- define "should-enable-otel-agent" -}} -{{- if and .Values.datadog.otelCollector.enabled -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -237,6 +237,8 @@ Return agent host mount root {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -340,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -363,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -385,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false @@ -396,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -407,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -420,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false @@ -474,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -488,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -542,6 +544,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -854,7 +859,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} @@ -868,7 +873,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -879,7 +884,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -902,11 +907,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -945,6 +961,9 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} @@ -967,6 +986,9 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} @@ -982,6 +1004,9 @@ Create RBACs for custom resources Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 41f723d26..65fcd07f8 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,5 +1,6 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: {{ .Values.datadog.processAgent.processCollection | quote }} - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -11,5 +12,6 @@ {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} -{{- end }} +{{- end }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ad4b959a2..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1c1c9baf8..f7d49a2e4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2275,6 +2275,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d920f7a94..f0d675e83 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 6319408cb..20f97b46b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 772799b96..567fca801 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 5edd494e5..6421f7579 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcc8a00b5..15abb4696 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -77,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -349,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -405,9 +407,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -419,8 +419,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -429,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -483,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -500,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..829e5c79f --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..46d33c986 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 151d23cce..b203ba643 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" + token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.78.0 + installer_version: datadog-3.79.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" - install_time: "1731094912" + install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" + install_time: "1731360232" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -871,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1144,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1200,9 +1202,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1214,8 +1214,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -1224,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1278,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1295,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd @@ -1322,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe - checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 + checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/other_default.yaml", assertions: verifyUntypedResources, }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, } for _, tt := range tests { diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go new file mode 100644 index 000000000..b8b2ecf98 --- /dev/null +++ b/test/datadog/gdc_test.go @@ -0,0 +1,90 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +var allowedHostPaths = map[string]interface{}{ + "/var/datadog/logs": nil, + "/var/log/pods": nil, + "/var/log/containers": nil, +} + +func Test_gdcConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + assertions: verifyDaemonsetGDCMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + + assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + + var validHostPath = true + for _, volume := range ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + _, validHostPath = allowedHostPaths[volume.HostPath.Path] + assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) + } + } + + validPorts := true + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } + } + } + } + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") +} From 995a087b3d426bb9aca6949b446b413960bb1709 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Tue, 12 Nov 2024 19:19:37 +0100 Subject: [PATCH 172/209] doc(datadog): docuement datadog.envDict usage (#1605) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 12 +++++++++++- charts/datadog/README.md.gotmpl | 10 ++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 80dc04b8d..54ab81f36 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.79.1 + +* Document how to use `datadog.envDict` option with the `--set` helm's flag. + ## 3.79.0 * Add Logs Collection support for Google GKE on GDC diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 5f4f70b25..507ebcc04 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.79.0 +version: 3.79.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 3ad8260ea..f562d72c5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.79.1](https://img.shields.io/badge/Version-3.79.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -441,6 +441,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/datadog/README.md.gotmpl b/charts/datadog/README.md.gotmpl index 6e4708ca0..5e99e6f20 100644 --- a/charts/datadog/README.md.gotmpl +++ b/charts/datadog/README.md.gotmpl @@ -437,6 +437,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, From 81548e03de31e6994b7da0205449408a8d35ab1f Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Wed, 13 Nov 2024 18:41:39 +0100 Subject: [PATCH 173/209] feat(admission controller): Add new webhook settings (#1564) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 6 +++++- charts/datadog/templates/cluster-agent-deployment.yaml | 4 ++++ charts/datadog/values.yaml | 10 ++++++++++ 5 files changed, 24 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 54ab81f36..7ed4ebbd8 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.80.0 + +* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. + ## 3.79.1 * Document how to use `datadog.envDict` option with the `--set` helm's flag. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 507ebcc04..f8279e5d2 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.79.1 +version: 3.80.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index f562d72c5..765f1db4c 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.79.1](https://img.shields.io/badge/Version-3.79.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.80.0](https://img.shields.io/badge/Version-3.80.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -574,8 +574,12 @@ helm install \ | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | +| clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | +| clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | | clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | | clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | +| clusterAgent.admissionController.validation | object | `{"enabled":true}` | Validation Webhook configuration options | +| clusterAgent.admissionController.validation.enabled | bool | `true` | Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). | | clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent | | clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. | | clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index b82fbcc6a..9549a90ae 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -203,6 +203,10 @@ spec: {{- if .Values.clusterAgent.admissionController.enabled }} - name: DD_ADMISSION_CONTROLLER_ENABLED value: {{ .Values.clusterAgent.admissionController.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.validation.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.mutation.enabled | quote }} - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: {{ .Values.clusterAgent.admissionController.webhookName | quote }} - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f7d49a2e4..d38cba42a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1147,6 +1147,16 @@ clusterAgent: # clusterAgent.admissionController.enabled -- Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods enabled: true + # clusterAgent.admissionController.validation -- Validation Webhook configuration options + validation: + # clusterAgent.admissionController.validation.enabled -- Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + + # clusterAgent.admissionController.mutation -- Mutation Webhook configuration options + mutation: + # clusterAgent.admissionController.mutation.enabled -- Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + # clusterAgent.admissionController.webhookName -- Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent webhookName: datadog-webhook From 746f94270d4f8afc67e3bf4bc284e2973bb19668 Mon Sep 17 00:00:00 2001 From: neuronull Date: Mon, 18 Nov 2024 10:59:03 -0700 Subject: [PATCH 174/209] [observability-pipelines-worker] 2.2.2 release (#1608) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index aac9b3464..8343fb4c1 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.2 + +* Official image `2.2.2` + ## 2.2.1 * Official image `2.2.1` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 757f49855..5029e59d3 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.1" +version: "2.2.2" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.1" +appVersion: "2.2.2" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index a9e50e99e..45a1b3c03 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square) +![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.1"` | Specify the image tag to use. | +| image.tag | string | `"2.2.2"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 566c7333e..12db3e3ea 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.1 + tag: 2.2.2 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 9479b17f7d526b3aa7fcd0737a011f713597994c Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:40:35 +0100 Subject: [PATCH 175/209] Upgrade helm chart with new private action runner version (#1610) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 89adc7088..fb7d362c5 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.0 + +* Update private action image version to `v0.1.5-beta` + ## 0.14.3 * Add GitLab private actions and fix image repository link. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 269eac221..a6f65933a 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.3 +version: 0.15.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index af2b7bad5..e0f476e0a 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.4-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.5-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 061bb5ec3..a7cb66089 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index b72ae56df..8b453c4d9 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.4-beta + tag: v0.1.5-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 0ff7ed363..3766b77ec 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index c4d5a2779..6b2d3f55c 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" imagePullPolicy: IfNotPresent ports: - name: http From 3df0db954ccc9069057d7475151ad513072b8701 Mon Sep 17 00:00:00 2001 From: mrmcpat <109171317+mrdoggopat@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:30:46 -0500 Subject: [PATCH 176/209] Add a new option `datadog.apm.useLocalService` to disable hostPorts for the trace-agent (#1552) * add a new option to disable hostPorts for the trace-agent with * add new line character at end of file for agent-apm-use-local-service-values.yaml * Update agent-apm-use-local-service-values.yaml * fix a small issue with the logic in the should-enable-trace-agent logic * docs fix --------- Co-authored-by: Fanny Jiang --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- .../agent-apm-use-local-service-values.yaml | 11 +++++++++ charts/datadog/templates/NOTES.txt | 14 +++++++++++ charts/datadog/templates/_helpers.tpl | 24 ++++++++++++++++--- .../templates/cluster-agent-deployment.yaml | 4 +++- charts/datadog/values.yaml | 7 ++++++ 8 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 charts/datadog/ci/agent-apm-use-local-service-values.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7ed4ebbd8..d9817331a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.81.0 + +* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. + ## 3.80.0 * Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f8279e5d2..a7f218f42 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.80.0 +version: 3.81.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 765f1db4c..5ef7b7343 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.80.0](https://img.shields.io/badge/Version-3.80.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.81.0](https://img.shields.io/badge/Version-3.81.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -699,6 +699,7 @@ helm install \ | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | | datadog.apm.socketPath | string | `"/var/run/datadog/apm.socket"` | Path to the trace-agent socket | +| datadog.apm.useLocalService | bool | `false` | Enable APM over TCP communication to use the local service only (requires Kubernetes v1.22+) Note: The hostPort 8126 is disabled when this is enabled. | | datadog.apm.useSocketVolume | bool | `false` | Enable APM over Unix Domain Socket DEPRECATED. Use datadog.apm.socketEnabled instead | | datadog.appKey | string | `nil` | Datadog APP key required to use metricsProvider | | datadog.appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. | diff --git a/charts/datadog/ci/agent-apm-use-local-service-values.yaml b/charts/datadog/ci/agent-apm-use-local-service-values.yaml new file mode 100644 index 000000000..baec19cf1 --- /dev/null +++ b/charts/datadog/ci/agent-apm-use-local-service-values.yaml @@ -0,0 +1,11 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubelet: + tlsVerify: false + dogstatsd: + useSocketVolume: false + apm: + portEnabled: false + socketEnabled: false + useLocalService: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index e6002afba..f2db9ed25 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -240,6 +240,20 @@ The option `datadog.apm.socketEnabled` is enabled by default and can be used to {{- end }} +{{- if .Values.datadog.apm.useLocalService }} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +The option `datadog.apm.useLocalService` will disable the trace-agent's hostPort. +Make sure that `datadog.apm.portEnabled` is set to `false` for this to take effect. + +If you are using the Admission Controller APM library injection method to send traces to Datadog, this option will send traces via TCP to the local service. +Make sure that `datadog.apm.socketEnabled` is set to `false` when enabling this or it defaults to sending traces via UDS. + +{{- end }} + {{- if or .Values.datadog.systemProbe.enableKernelHeaderDownload .Values.datadog.systemProbe.enableRuntimeCompiler }} ################################################################# diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 3a3eeced0..c601eae97 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -468,7 +468,7 @@ false Return true if a trace-agent needs to be deployed. */}} {{- define "should-enable-trace-agent" -}} -{{- if or (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true") -}} +{{- if or (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true") (eq (include "trace-agent-use-local-service" .) "true") -}} true {{- else -}} false @@ -504,9 +504,17 @@ false {{- end -}} {{/* -Return true if a traffic over TCP is configured for APM. +Return true if APM is configured to only use local service via the trace-agent's containerPort otherwise matches datadog.apm.portEnabled. */}} -{{- define "trace-agent-use-tcp-port" -}} +{{- define "trace-agent-use-local-service" -}} +{{- default (include "trace-agent-use-host-port" .) .Values.datadog.apm.useLocalService -}} +{{- end -}} + + +{{/* +Return true if a host port is desired for APM. +*/}} +{{- define "trace-agent-use-host-port" -}} {{- if or .Values.datadog.apm.portEnabled .Values.datadog.apm.enabled -}} true {{- else -}} @@ -514,6 +522,16 @@ false {{- end -}} {{- end -}} +{{/* +Return true if a traffic over TCP is configured for APM. +*/}} +{{- define "trace-agent-use-tcp-port" -}} +{{- if or (eq (include "trace-agent-use-host-port" .) "true") (eq (include "trace-agent-use-local-service" .) "true") -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} {{/* Return true if Kubernetes resource monitoring (orchestrator explorer) should be enabled. diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 9549a90ae..ba6b9119a 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -218,8 +218,10 @@ spec: value: {{ .Values.clusterAgent.admissionController.configMode }} {{- else if eq (include "trace-agent-use-uds" .) "true" }} value: socket - {{- else if or (eq (include "trace-agent-use-tcp-port" .) "true") ( .Values.providers.gke.autopilot )}} + {{- else if or (eq (include "trace-agent-use-host-port" .) "true") ( .Values.providers.gke.autopilot )}} value: hostip + {{- else if (eq (include "trace-agent-use-local-service" .) "true")}} + value: service {{- else if or (not .Values.datadog.apm.enabled ) (and (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true")) }} value: socket {{- else }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d38cba42a..9a0efb3bf 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -481,6 +481,12 @@ datadog: ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ portEnabled: false + # datadog.apm.useLocalService -- Enable APM over TCP communication to use the local service only (requires Kubernetes v1.22+) + # Note: The hostPort 8126 is disabled when this is enabled. + + ## ref: https://docs.datadoghq.com/tracing/guide/setting_up_apm_with_kubernetes_service/?tab=helm + useLocalService: false + # datadog.apm.enabled -- Enable this to enable APM and tracing, on port 8126 # DEPRECATED. Use datadog.apm.portEnabled instead @@ -1168,6 +1174,7 @@ clusterAgent: ## If clusterAgent.admissionController.configMode is not set: ## * and datadog.apm.socketEnabled is true, the Admission Controller uses socket. ## * and datadog.apm.portEnabled is true, the Admission Controller uses hostip. + ## * and datadog.apm.useLocalService is true and the aformentioned two are false, the Admission Controller uses service. ## * Otherwise, the Admission Controller defaults to hostip. ## Note: "service" mode relies on the internal traffic service to target the agent running on the local node (requires Kubernetes v1.22+). ## ref: https://docs.datadoghq.com/agent/cluster_agent/admission_controller/#configure-apm-and-dogstatsd-communication-mode From 76c137d42b1b3f1283371493e5dfc81d0063b8f4 Mon Sep 17 00:00:00 2001 From: louis-cqrl <93274433+louis-cqrl@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:57:54 +0100 Subject: [PATCH 177/209] Update FIPS Proxy version to 1.1.6 (#1616) * Update tag version for fips image * fix typo * Update charts/datadog/CHANGELOG.md Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d9817331a..30012d4e8 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.81.1 + +* Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 + ## 3.81.0 * Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a7f218f42..2fc906c6f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.81.0 +version: 3.81.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5ef7b7343..4422c7fc8 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.81.0](https://img.shields.io/badge/Version-3.81.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.81.1](https://img.shields.io/badge/Version-3.81.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -876,7 +876,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.5"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.6"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 9a0efb3bf..cccf21d2c 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1475,7 +1475,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.5 + tag: 1.1.6 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 1ccd7aaa914de63e5b9f294219ebd15cda3f1893 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Tue, 3 Dec 2024 09:55:36 +0100 Subject: [PATCH 178/209] fix(mergequeue): check gitlab-ci to merge PR (#1620) --- repository.datadog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repository.datadog.yml b/repository.datadog.yml index 814d38c3e..d7d2e4d3c 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -1,7 +1,7 @@ --- schema-version: v1 kind: mergequeue -gitlab_check_enable: false +gitlab_check_enable: true github_teams_restrictions: - action-platform - agent-all From b1b9f4c19f828e1e95af0c942dcc3640c21d3a73 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Tue, 3 Dec 2024 12:38:54 +0100 Subject: [PATCH 179/209] fix(datadog): rename ci values files to be properly tested (#1612) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- ...apshotter.yaml => agent-sbom-snapshotter-values.yaml} | 0 .../ci/{autoscaling.yaml => autoscaling-values.yaml} | 3 ++- charts/datadog/ci/image-digest-values.yaml | 9 +++++++++ charts/datadog/ci/image-digest.yaml | 9 --------- .../ci/{otlp-ingest.yaml => otlp-ingest-values.yaml} | 2 +- 8 files changed, 18 insertions(+), 13 deletions(-) rename charts/datadog/ci/{agent-sbom-snapshotter.yaml => agent-sbom-snapshotter-values.yaml} (100%) rename charts/datadog/ci/{autoscaling.yaml => autoscaling-values.yaml} (78%) create mode 100644 charts/datadog/ci/image-digest-values.yaml delete mode 100644 charts/datadog/ci/image-digest.yaml rename charts/datadog/ci/{otlp-ingest.yaml => otlp-ingest-values.yaml} (80%) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 30012d4e8..bb852d4de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.81.2 + +* Fix ci values.yaml files name to be taken into account by the ci job. + ## 3.81.1 * Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 2fc906c6f..8ac68f8fc 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.81.1 +version: 3.81.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4422c7fc8..7d58c19a9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.81.1](https://img.shields.io/badge/Version-3.81.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.81.2](https://img.shields.io/badge/Version-3.81.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/ci/agent-sbom-snapshotter.yaml b/charts/datadog/ci/agent-sbom-snapshotter-values.yaml similarity index 100% rename from charts/datadog/ci/agent-sbom-snapshotter.yaml rename to charts/datadog/ci/agent-sbom-snapshotter-values.yaml diff --git a/charts/datadog/ci/autoscaling.yaml b/charts/datadog/ci/autoscaling-values.yaml similarity index 78% rename from charts/datadog/ci/autoscaling.yaml rename to charts/datadog/ci/autoscaling-values.yaml index 1c2602297..6d677b170 100644 --- a/charts/datadog/ci/autoscaling.yaml +++ b/charts/datadog/ci/autoscaling-values.yaml @@ -3,7 +3,7 @@ datadog: appKey: "0000000000000000000000000000000000000000" orchestratorExplorer: customResources: - - datadoghq.com/v1alpha1/datadogpodautoscalers + - datadoghq.com/v1alpha1/datadogpodautoscalers autoscaling: workload: enabled: true @@ -12,3 +12,4 @@ datadog: clusterAgent: image: tag: beta + doNotCheckTag: true diff --git a/charts/datadog/ci/image-digest-values.yaml b/charts/datadog/ci/image-digest-values.yaml new file mode 100644 index 000000000..c3bf66a1b --- /dev/null +++ b/charts/datadog/ci/image-digest-values.yaml @@ -0,0 +1,9 @@ +clusterAgent: + image: + digest: sha256:28a5e138123e273643527341c3e38721cec2d89a472958df8e956ae681c10d75 # corresponds to 7.59.0 +agents: + image: + digest: sha256:9b4be18f644bd35dad2387f37d9859674080889642b970c0e924d027c4182f6d # corresponds to 7.59.0 +clusterChecksRunner: + image: + digest: sha256:9b4be18f644bd35dad2387f37d9859674080889642b970c0e924d027c4182f6d # corresponds to 7.59.0 diff --git a/charts/datadog/ci/image-digest.yaml b/charts/datadog/ci/image-digest.yaml deleted file mode 100644 index 5e81f2ec4..000000000 --- a/charts/datadog/ci/image-digest.yaml +++ /dev/null @@ -1,9 +0,0 @@ -clusterAgent: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 -agents: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 -clusterChecksRunner: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 \ No newline at end of file diff --git a/charts/datadog/ci/otlp-ingest.yaml b/charts/datadog/ci/otlp-ingest-values.yaml similarity index 80% rename from charts/datadog/ci/otlp-ingest.yaml rename to charts/datadog/ci/otlp-ingest-values.yaml index cfeed5ef4..39fb464fd 100644 --- a/charts/datadog/ci/otlp-ingest.yaml +++ b/charts/datadog/ci/otlp-ingest-values.yaml @@ -3,6 +3,6 @@ datadog: receiver: protocols: grpc: - enabled: true + enabled: true http: enabled: true From 19f1358ec56cce70d7cb14c5d3e778216d6c0ca8 Mon Sep 17 00:00:00 2001 From: Guillaume Fournier <36961134+Gui774ume@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:12:58 +0100 Subject: [PATCH 180/209] [CWS] Configuration options for enabling CWSInstrumentation in the `cluster-agent` (#1382) * [CWS] Configuration options for enabling CWSInstrumentation in the cluster-agent and from the operator * [cws-instrumentation] Nest configuration under clusterRole --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 4 ++-- charts/datadog-operator/templates/clusterrole.yaml | 5 +++++ charts/datadog-operator/values.yaml | 3 +++ charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +++- charts/datadog/templates/cluster-agent-deployment.yaml | 10 ++++++++++ charts/datadog/templates/cluster-agent-rbac.yaml | 5 +++++ charts/datadog/values.yaml | 8 ++++++++ 11 files changed, 46 insertions(+), 5 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 773a75e11..c0e157a71 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.4.0 + +* Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent. + ## 2.3.0 * Update Datadog Operator version to 1.10.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index c9e85b586..1c88e1898 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.3.0 +version: 2.4.0 appVersion: 1.10.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 532eb73ce..91a76093e 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) +![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) ## Values @@ -12,7 +12,7 @@ | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | -| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role | +| clusterRole | object | `{"allowCreatePodsExec":false,"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1032e2aba..1b7f4b2c4 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -803,4 +803,9 @@ rules: - list - watch {{- end }} +{{- if .Values.clusterRole.allowCreatePodsExec }} +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] {{- end }} +{{- end -}} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 3558679f4..31f8ecd9c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -196,3 +196,6 @@ clusterRole: # allowReadAllResources is required to allow the operator to view all custom resources. # If collecting CRDs in the Kubernetes Explorer this is required allowReadAllResources: false + + # allowCreatePodsExec is required for `remote_copy` mode of the CWS Instrumentation feature. + allowCreatePodsExec: false diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index bb852d4de..a2523c9a5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.82.0 + +* Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. + ## 3.81.2 * Fix ci values.yaml files name to be taken into account by the ci job. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8ac68f8fc..4243de025 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.81.2 +version: 3.82.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7d58c19a9..4eb643233 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.81.2](https://img.shields.io/badge/Version-3.81.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.82.0](https://img.shields.io/badge/Version-3.82.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -571,6 +571,8 @@ helm install \ | clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. | | clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". | | clusterAgent.admissionController.containerRegistry | string | `nil` | Override the default registry for the admission controller. | +| clusterAgent.admissionController.cwsInstrumentation.enabled | bool | `false` | Enable the CWS Instrumentation admission controller endpoint. | +| clusterAgent.admissionController.cwsInstrumentation.mode | string | `"remote_copy"` | Mode defines how the CWS Instrumentation should behave. Options are "remote_copy" or "init_container" | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index ba6b9119a..1eb9c4fbb 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -160,6 +160,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT {{- $healthPort := .Values.clusterAgent.healthPort }} value: {{ $healthPort | quote }} @@ -248,6 +252,12 @@ spec: {{- else }} value: {{ include "registry" .Values | quote }} {{- end }} + {{- if .Values.clusterAgent.admissionController.cwsInstrumentation.enabled }} + - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE + value: {{ .Values.clusterAgent.admissionController.cwsInstrumentation.mode | quote }} + {{- end }} {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index e02be2434..2da18ea9b 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -262,6 +262,11 @@ rules: - apiGroups: ["apps"] resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] verbs: ["get"] +{{- if and .Values.clusterAgent.admissionController.cwsInstrumentation.enabled (eq .Values.clusterAgent.admissionController.cwsInstrumentation.mode "remote_copy") }} +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] +{{- end }} {{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index cccf21d2c..d492b8ed9 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1201,6 +1201,14 @@ clusterAgent: # clusterAgent.admissionController.port -- Set port of cluster-agent admission controller service port: 8000 + cwsInstrumentation: + # clusterAgent.admissionController.cwsInstrumentation.enabled -- Enable the CWS Instrumentation admission controller endpoint. + enabled: false + + # clusterAgent.admissionController.cwsInstrumentation.mode -- Mode defines how the CWS Instrumentation should behave. + # Options are "remote_copy" or "init_container" + mode: remote_copy + agentSidecarInjection: # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. From 54edc22d80a42329ab63fa5a9d80159b8962b0f7 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Wed, 4 Dec 2024 10:28:55 +0100 Subject: [PATCH 181/209] Add talos support for os-release files (#1611) Co-authored-by: faelis <91593249+faelis@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 6 ++++ charts/datadog/Chart.yaml | 3 +- charts/datadog/README.md | 5 ++- .../disable-defaultosreleasepath-values.yaml | 4 +++ charts/datadog/ci/provider-talos-values.yaml | 8 +++++ charts/datadog/templates/NOTES.txt | 19 +++++++++++ .../datadog/templates/_container-agent.yaml | 4 ++- .../_container-host-release-volumemounts.yaml | 10 +++--- .../templates/_container-process-agent.yaml | 2 +- .../templates/_container-security-agent.yaml | 2 ++ .../templates/_container-system-probe.yaml | 2 +- .../templates/_daemonset-volumes-linux.yaml | 4 +-- charts/datadog/templates/_helpers.tpl | 34 ++++++++++++++++++- charts/datadog/values.yaml | 16 +++++++++ 14 files changed, 107 insertions(+), 12 deletions(-) create mode 100644 charts/datadog/ci/disable-defaultosreleasepath-values.yaml create mode 100644 charts/datadog/ci/provider-talos-values.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a2523c9a5..bfb699795 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,11 @@ # Datadog changelog +## 3.83.0 + +* Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. + ## 3.82.0 * Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 4243de025..51ac9983d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,7 @@ +--- apiVersion: v1 name: datadog -version: 3.82.0 +version: 3.83.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4eb643233..8e5b1fb00 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.82.0](https://img.shields.io/badge/Version-3.82.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.83.0](https://img.shields.io/badge/Version-3.83.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -727,6 +727,8 @@ helm install \ | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | +| datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | +| datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | @@ -897,6 +899,7 @@ helm install \ | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | | providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | +| providers.talos.enabled | bool | `false` | Activate all required specificities related to Talos.dev configuration, as currently the chart cannot auto-detect Talos.dev cluster. Note: The Agent deployment requires additional privileges that are not permitted by the default pod security policy. The annotation `pod-security.kubernetes.io/enforce=privileged` must be applied to the Datadog installation Kubernetes namespace. For more information on pod security policies in Talos.dev clusters, see: https://www.talos.dev/v1.8/kubernetes-guides/configuration/pod-security/ | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/ci/disable-defaultosreleasepath-values.yaml b/charts/datadog/ci/disable-defaultosreleasepath-values.yaml new file mode 100644 index 000000000..ec6a32782 --- /dev/null +++ b/charts/datadog/ci/disable-defaultosreleasepath-values.yaml @@ -0,0 +1,4 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + disableDefaultOsReleasePaths: true diff --git a/charts/datadog/ci/provider-talos-values.yaml b/charts/datadog/ci/provider-talos-values.yaml new file mode 100644 index 000000000..48de269ef --- /dev/null +++ b/charts/datadog/ci/provider-talos-values.yaml @@ -0,0 +1,8 @@ +--- +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + +providers: + talos: + enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index f2db9ed25..1978f03df 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -534,6 +534,25 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") .Values.datadog.sbom.host.enabled }} +################################################################# +#### ERROR: Configuration notice #### +################################################################# +The SBOM host filesystem collection feature requires access to the os-release information from the host. +`datadog.sbom.host.enabled: true` can't be used with `datadog.disableDefaultOsReleasePaths: true`. +{{- fail "The SBOM host filesystem collection feature requires access to the os-release information from the host." }} +{{- end }} + +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-system-probe" .) "true") }} +################################################################# +#### ERROR: Configuration notice #### +################################################################# +The current set of options used to install the chart requires the system-probe container to be enabled. +However, the `datadog.disableDefaultOsReleasePaths` option set to `true` and `datadog.osReleasePath` is empty which is not compatible when the system-probe container is required. +{{- fail "OS Release information is required when system-probe is enabled." }} +{{- end }} + + {{- $hasContainerIncludeEnv := false }} {{- range $key := .Values.datadog.env }} {{- if eq $key.name "DD_CONTAINER_INCLUDE" }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 5219db7ed..151e1cebd 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -258,7 +258,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if (eq (include "should-run-process-checks-on-core-agent" .) "true") }} + {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") }} - name: passwd mountPath: /etc/passwd readOnly: true @@ -302,6 +302,7 @@ - name: host-rpm-dir mountPath: /host/var/lib/rpm readOnly: true + {{- if eq (include "should-add-host-path-for-os-release-paths" .) "true" }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release @@ -324,6 +325,7 @@ {{- end }} {{- end }} {{- end }} + {{- end }} {{- if eq .Values.targetSystem "windows" }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index b775b7953..af1cfea68 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,13 +1,15 @@ {{- define "linux-container-host-release-volumemounts" -}} -{{- if not .Values.providers.gke.gdc }} -{{- if eq (include "should-enable-system-probe" .) "true" }} +{{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true -{{- else if not .Values.providers.gke.autopilot}} + {{- else if .Values.datadog.osReleasePath }} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true -{{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index baeccc41a..d5c3434c8 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -79,7 +79,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.processAgent.containerCollection}} + {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.processAgent.containerCollection) }} - name: passwd mountPath: /etc/passwd readOnly: true diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index 0a6be843e..7269ddd8f 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -91,9 +91,11 @@ - name: cgroups mountPath: /host/sys/fs/cgroup readOnly: true + {{- if (eq (include "should-add-host-path-for-etc-passwd" .) "true") }} - name: passwd mountPath: /etc/passwd readOnly: true + {{- end }} - name: group mountPath: /etc/group readOnly: true diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index c891a30d1..cf77ed4db 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -65,7 +65,7 @@ mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} - {{- if .Values.datadog.systemProbe.enableDefaultOsReleasePaths }} + {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index de1e13924..6b6cb50f0 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -22,7 +22,7 @@ path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.systemProbe.enableDefaultOsReleasePaths) .Values.datadog.sbom.host.enabled }} +{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") .Values.datadog.sbom.host.enabled) }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -138,7 +138,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (or (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true")) }} - hostPath: path: /etc/passwd name: passwd diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index c601eae97..f069eed1f 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -891,7 +891,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -1045,3 +1045,35 @@ Create RBACs for custom resources {{- end -}} {{- end -}} {{- end -}} + + +{{/* + Returns true if Host paths for default OS Release Paths need to be added to the volumes. +*/}} +{{- define "should-add-host-path-for-os-release-paths" -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if .Values.providers.talos.enabled -}} + false + {{- else if (and .Values.datadog.systemProbe.enableDefaultOsReleasePaths (not .Values.datadog.disableDefaultOsReleasePaths)) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + + +{{/* + Returns true if the host file /etc/passwd should be mounted, else return false. +*/}} +{{- define "should-add-host-path-for-etc-passwd" -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if .Values.providers.talos.enabled -}} + false + {{- else if not .Values.datadog.disablePasswdMount -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d492b8ed9..50c0c7aa2 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -698,6 +698,12 @@ datadog: ## ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm containerCollection: true + # datadog.disableDefaultOsReleasePaths -- Set this to true to disable mounting datadog.osReleasePath in all containers + disableDefaultOsReleasePaths: false + + # datadog.disablePasswdMount -- Set this to true to disable mounting /etc/passwd in all containers + disablePasswdMount: false + # datadog.osReleasePath -- Specify the path to your os-release file osReleasePath: /etc/os-release @@ -759,6 +765,7 @@ datadog: # datadog.systemProbe.conntrackInitTimeout -- the time to wait for conntrack to initialize before failing conntrackInitTimeout: 10s + # DEPRECATED. Use datadog.disableDefaultOsReleasePaths instead. # datadog.systemProbe.enableDefaultOsReleasePaths -- enable default os-release files mount enableDefaultOsReleasePaths: true @@ -2315,6 +2322,15 @@ providers: # providers.aks.enabled -- Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. enabled: false + talos: + # providers.talos.enabled -- Activate all required specificities related to Talos.dev configuration, + # as currently the chart cannot auto-detect Talos.dev cluster. + # Note: The Agent deployment requires additional privileges that are not permitted by the default pod security policy. + # The annotation `pod-security.kubernetes.io/enforce=privileged` must be applied to the Datadog installation + # Kubernetes namespace. For more information on pod security policies in Talos.dev clusters, see: + # https://www.talos.dev/v1.8/kubernetes-guides/configuration/pod-security/ + enabled: false + remoteConfiguration: # remoteConfiguration.enabled -- Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. # Can be overridden if `datadog.remoteConfiguration.enabled` From 49c13ec4d5aed9a599538bc9cc9bf7a37b18911a Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Mon, 9 Dec 2024 16:45:23 +0100 Subject: [PATCH 182/209] [PAR] update PAR image (#1624) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index fb7d362c5..e7645d5cf 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.1 + +* Update private action image version to `v0.1.6-beta` + ## 0.15.0 * Update private action image version to `v0.1.5-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index a6f65933a..dc246d089 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.0 +version: 0.15.1 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e0f476e0a..7ef069322 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) +![Version: 0.15.1](https://img.shields.io/badge/Version-0.15.1-informational?style=flat-square) ![AppVersion: v0.1.6-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.5-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.6-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index a7cb66089..1f817e5fd 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) +![Version: 0.15.1](https://img.shields.io/badge/Version-0.15.1-informational?style=flat-square) ![AppVersion: v0.1.6-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 8b453c4d9..34c74b2eb 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.5-beta + tag: v0.1.6-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 3766b77ec..8dcfdd4b6 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.6-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 6b2d3f55c..ef5256028 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.6-beta" imagePullPolicy: IfNotPresent ports: - name: http From b08b9e86fd12aa282d17351282d3816ea6d33628 Mon Sep 17 00:00:00 2001 From: Robert Li Date: Mon, 9 Dec 2024 12:09:26 -0500 Subject: [PATCH 183/209] [CODEOWNERS] Update processes to container-intake (#1614) Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 88dcac83a..57dbce109 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -10,7 +10,7 @@ charts/datadog-crds @DataDog/container-ecosys charts/datadog-operator @DataDog/container-ecosystems charts/extended-daemon-set @DataDog/container-ecosystems charts/datadog @DataDog/container-helm-chart-maintainers -charts/datadog/templates/_container-process-agent.yaml @DataDog/processes @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-process-agent.yaml @DataDog/container-intake @DataDog/container-helm-chart-maintainers charts/datadog/templates/_container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers charts/datadog/templates/_system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers From 29ff9d0b0ee46ace619643be950472fccbc0a1ae Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Wed, 11 Dec 2024 16:57:55 +0100 Subject: [PATCH 184/209] [PAR] update PAR image to v0.1.8-beta (#1630) * [PAR] update PAR image to v0.1.8-beta * actually update the version --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index e7645d5cf..df7661326 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.2 + +* Update private action image version to `v0.1.8-beta` + ## 0.15.1 * Update private action image version to `v0.1.6-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index dc246d089..5f188e146 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.1 +version: 0.15.2 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 7ef069322..744d74bdb 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.1](https://img.shields.io/badge/Version-0.15.1-informational?style=flat-square) ![AppVersion: v0.1.6-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![AppVersion: v0.1.8-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.6-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.8-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 1f817e5fd..8927be905 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.1](https://img.shields.io/badge/Version-0.15.1-informational?style=flat-square) ![AppVersion: v0.1.6-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![AppVersion: v0.1.8-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 34c74b2eb..419e0df8c 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.6-beta + tag: v0.1.8-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 8dcfdd4b6..73d4bdddc 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.6-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.8-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index ef5256028..3d5951c6a 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.6-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.8-beta" imagePullPolicy: IfNotPresent ports: - name: http From 95332af7e65127c253a4bc5799a8735459e2f9c9 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Mon, 16 Dec 2024 16:14:12 -0500 Subject: [PATCH 185/209] Bump python version to 3.12 in CI (#1637) * Bump python version to 3.12 in CI * Dummy change to trigger CI * Dummy change with version bump * Dummy changelog * Update readme too... * Remove dummy changes * Include .DS_Store in gitignore * Removed .DS_Store from tracking --- .github/workflows/ci.yaml | 6 +++--- .gitignore | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bbce00ed9..1276ef2ed 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: version: v3.6.3 - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) @@ -57,7 +57,7 @@ jobs: fetch-depth: 0 - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (lint) @@ -156,7 +156,7 @@ jobs: config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (install) diff --git a/.gitignore b/.gitignore index 089390f06..504caf976 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ kubeconform vendor/ .vscode go.work* +.DS_Store From 92dd9288ce12b51e1c3595ff50516a58fd1d0f8f Mon Sep 17 00:00:00 2001 From: Merchrist <99204620+merchristK@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:04:24 +0100 Subject: [PATCH 186/209] [ACTP] Bump runner version to v0.1.9-beta (#1638) * [ACTP] Bump runner version to v0.1.9-beta * update changelog --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index df7661326..8a5eb8488 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.3 + +* Update private action image version to `v0.1.9-beta` + ## 0.15.2 * Update private action image version to `v0.1.8-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 5f188e146..c8eedbc6e 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.2 +version: 0.15.3 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 744d74bdb..2971dffb0 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![AppVersion: v0.1.8-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.3](https://img.shields.io/badge/Version-0.15.3-informational?style=flat-square) ![AppVersion: v0.1.9-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.8-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.9-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 8927be905..7d2e219b3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![AppVersion: v0.1.8-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.3](https://img.shields.io/badge/Version-0.15.3-informational?style=flat-square) ![AppVersion: v0.1.9-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 419e0df8c..0403a983b 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.8-beta + tag: v0.1.9-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 73d4bdddc..42959b880 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.8-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.9-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 3d5951c6a..c94556425 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.8-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.9-beta" imagePullPolicy: IfNotPresent ports: - name: http From 3baa94baafc3145e587825dade7364eb21a21985 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood <6599778+hmahmood@users.noreply.github.com> Date: Tue, 17 Dec 2024 12:20:07 -0600 Subject: [PATCH 187/209] Add /sys/fs/bpf to system-probe container volumes (#1634) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-system-probe.yaml | 6 ++++++ charts/datadog/templates/_daemonset-volumes-linux.yaml | 5 +++++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index bfb699795..d9923af94 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.83.1 + +* Add /sys/fs/bpf to system-probe volume mounts + ## 3.83.0 * Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 51ac9983d..6add375c6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.83.0 +version: 3.83.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 8e5b1fb00..c4243577b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.83.0](https://img.shields.io/badge/Version-3.83.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.83.1](https://img.shields.io/badge/Version-3.83.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index cf77ed4db..d3935459e 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -43,6 +43,12 @@ mountPath: /sys/kernel/debug mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: false # Need RW for kprobe_events +{{- if .Values.datadog.networkMonitoring.enabled }} + - name: bpffs + mountPath: /sys/fs/bpf + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} - name: config mountPath: {{ template "datadog.confPath" . }} readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 6b6cb50f0..4a2251f65 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -81,6 +81,11 @@ - hostPath: path: /sys/kernel/debug name: debugfs +{{- if .Values.datadog.networkMonitoring.enabled }} +- hostPath: + path: /sys/fs/bpf + name: bpffs +{{- end }} - name: sysprobe-socket-dir emptyDir: {} {{- if and (eq (include "runtime-compilation-enabled" .) "true") .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} From 59746d36ffe661a22761fbcd92be380af4fc7e20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Wed, 18 Dec 2024 13:45:59 +0100 Subject: [PATCH 188/209] [datadog-crds] Update CRDs from Datadog Operator v1.11.0 tag (#1640) * update-crds.sh v1.11.0 * crd changelog --- charts/datadog-crds/CHANGELOG.md | 4 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 47 +-- .../datadoghq.com_datadogagents_v1.yaml | 361 +++++++++++++++++- .../datadoghq.com_datadogdashboards_v1.yaml | 28 +- .../datadoghq.com_datadogmetrics_v1.yaml | 2 +- .../datadoghq.com_datadogmonitors_v1.yaml | 2 +- ...atadoghq.com_datadogpodautoscalers_v1.yaml | 2 +- .../datadoghq.com_datadogslos_v1.yaml | 28 +- crds/datadoghq.com_datadogagentprofiles.yaml | 47 +-- crds/datadoghq.com_datadogagents.yaml | 361 +++++++++++++++++- crds/datadoghq.com_datadogdashboards.yaml | 28 +- crds/datadoghq.com_datadogmetrics.yaml | 2 +- crds/datadoghq.com_datadogmonitors.yaml | 2 +- crds/datadoghq.com_datadogpodautoscalers.yaml | 2 +- crds/datadoghq.com_datadogslos.yaml | 28 +- 17 files changed, 756 insertions(+), 192 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 39f9e8402..b55387c05 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +# 2.3.0 + +* Update CRDs from Datadog Operator v1.11.0 tag. + # 2.2.0 * Update CRDs from Datadog Operator v1.10.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index f4e6c9763..3402f3d30 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.2.0 +version: 2.3.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 851d16f49..3da17dcde 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 985391de5..e16b1bdcf 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagentprofiles.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -97,10 +97,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -153,10 +156,13 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined @@ -184,11 +190,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -199,6 +203,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -312,6 +322,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator @@ -328,24 +339,7 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -386,12 +380,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 5359f9b03..af1e555c1 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -71,6 +71,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -95,6 +96,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -133,6 +135,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -155,6 +158,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -202,11 +207,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -226,11 +233,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -254,10 +263,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -778,6 +797,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -791,6 +815,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -881,6 +907,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -919,6 +946,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -978,6 +1006,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -1000,6 +1029,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1038,6 +1069,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1076,6 +1108,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1136,11 +1169,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1171,6 +1206,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1189,6 +1226,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1227,11 +1267,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1243,11 +1285,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1258,6 +1302,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1274,11 +1319,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1290,14 +1337,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1323,17 +1373,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1347,11 +1409,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1362,6 +1426,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1375,6 +1440,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1391,17 +1457,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1415,11 +1493,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1430,12 +1510,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1457,17 +1539,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1481,11 +1575,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1496,6 +1592,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1509,6 +1606,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1525,17 +1623,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1549,11 +1659,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1564,12 +1676,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1605,6 +1719,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1643,6 +1758,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1669,6 +1785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1679,6 +1796,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1699,6 +1817,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1751,6 +1870,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1761,6 +1881,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1781,6 +1902,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1828,6 +1950,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1889,16 +2013,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1946,6 +2081,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1957,6 +2173,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1972,6 +2190,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2012,6 +2232,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2021,10 +2242,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2042,6 +2265,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2080,6 +2304,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2101,6 +2326,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2111,6 +2337,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2194,6 +2421,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2218,6 +2446,15 @@ spec: type: integer securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2256,6 +2493,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2268,6 +2508,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2347,10 +2588,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2374,6 +2617,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2383,6 +2627,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2400,6 +2645,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2428,7 +2674,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2443,6 +2691,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2498,6 +2747,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2522,6 +2772,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2551,18 +2802,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2593,11 +2832,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2606,6 +2847,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2628,10 +2871,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2648,6 +2893,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2707,6 +2953,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2720,6 +2973,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2728,11 +2982,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2794,6 +3050,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2811,7 +3106,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2857,6 +3154,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2875,7 +3173,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2895,6 +3195,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2921,22 +3222,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2945,6 +3251,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2955,12 +3262,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2993,6 +3302,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3007,6 +3317,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3240,6 +3551,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3264,6 +3576,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3302,6 +3615,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3324,6 +3638,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3371,11 +3687,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3395,11 +3713,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3423,10 +3743,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3947,6 +4277,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml index aa593079c..4b5a7a504 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogdashboards.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -159,24 +159,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogDashboard. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -217,12 +200,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml index 614eea1e6..bbefe7dfc 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index dd9811dd8..8a734a69b 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml index ecbfd2c37..7ef853b56 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogpodautoscalers.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml index 0cb8c68bd..bbaa77066 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -143,24 +143,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -201,12 +184,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index c080a083f..5c4ed60b7 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagentprofiles.datadoghq.com spec: group: datadoghq.com @@ -91,10 +91,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -147,10 +150,13 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined @@ -178,11 +184,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -193,6 +197,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -306,6 +316,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator @@ -322,24 +333,7 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -380,12 +374,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index b8a5b538c..cd982f6df 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com spec: group: datadoghq.com @@ -65,6 +65,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -89,6 +90,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -127,6 +129,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -149,6 +152,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -196,11 +201,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -220,11 +227,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -248,10 +257,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -772,6 +791,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -785,6 +809,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -875,6 +901,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -913,6 +940,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -972,6 +1000,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -994,6 +1023,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1032,6 +1063,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1070,6 +1102,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1130,11 +1163,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1165,6 +1200,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1183,6 +1220,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1221,11 +1261,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1237,11 +1279,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1252,6 +1296,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1268,11 +1313,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1284,14 +1331,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1317,17 +1367,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1341,11 +1403,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1356,6 +1420,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1369,6 +1434,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1385,17 +1451,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1409,11 +1487,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1424,12 +1504,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1451,17 +1533,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1475,11 +1569,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1490,6 +1586,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1503,6 +1600,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1519,17 +1617,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1543,11 +1653,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1558,12 +1670,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1599,6 +1713,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1637,6 +1752,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1663,6 +1779,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1673,6 +1790,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1693,6 +1811,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1745,6 +1864,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1755,6 +1875,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1775,6 +1896,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1822,6 +1944,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1883,16 +2007,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1940,6 +2075,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1951,6 +2167,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1966,6 +2184,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2006,6 +2226,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2015,10 +2236,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2036,6 +2259,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2074,6 +2298,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2095,6 +2320,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2105,6 +2331,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2188,6 +2415,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2212,6 +2440,15 @@ spec: type: integer securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2250,6 +2487,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2262,6 +2502,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2341,10 +2582,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2368,6 +2611,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2377,6 +2621,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2394,6 +2639,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2422,7 +2668,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2437,6 +2685,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2492,6 +2741,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2516,6 +2766,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2545,18 +2796,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2587,11 +2826,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2600,6 +2841,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2622,10 +2865,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2642,6 +2887,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2701,6 +2947,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2714,6 +2967,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2722,11 +2976,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2788,6 +3044,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2805,7 +3100,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2851,6 +3148,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2869,7 +3167,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2889,6 +3189,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2915,22 +3216,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2939,6 +3245,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2949,12 +3256,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2987,6 +3296,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3001,6 +3311,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3234,6 +3545,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3258,6 +3570,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3296,6 +3609,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3318,6 +3632,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3365,11 +3681,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3389,11 +3707,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3417,10 +3737,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3941,6 +4271,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/crds/datadoghq.com_datadogdashboards.yaml b/crds/datadoghq.com_datadogdashboards.yaml index 608dccf89..6c4f9252f 100644 --- a/crds/datadoghq.com_datadogdashboards.yaml +++ b/crds/datadoghq.com_datadogdashboards.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogdashboards.datadoghq.com spec: group: datadoghq.com @@ -153,24 +153,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogDashboard. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -211,12 +194,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/crds/datadoghq.com_datadogmetrics.yaml b/crds/datadoghq.com_datadogmetrics.yaml index 7a886335f..2aec4afbd 100644 --- a/crds/datadoghq.com_datadogmetrics.yaml +++ b/crds/datadoghq.com_datadogmetrics.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com spec: group: datadoghq.com diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 11c854954..dc58b1133 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com spec: group: datadoghq.com diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml index fc1a26779..148d84206 100644 --- a/crds/datadoghq.com_datadogpodautoscalers.yaml +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogpodautoscalers.datadoghq.com spec: group: datadoghq.com diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml index 3098d729c..1033ce065 100644 --- a/crds/datadoghq.com_datadogslos.yaml +++ b/crds/datadoghq.com_datadogslos.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com spec: group: datadoghq.com @@ -137,24 +137,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -195,12 +178,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string From 0909ae25e00e282f1c8d4aac721beadc31b3e3d8 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Wed, 18 Dec 2024 17:39:59 -0500 Subject: [PATCH 189/209] [PROCS-4586] Enable process checks in the core agent by default (#1627) Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +- charts/datadog/templates/_helpers.tpl | 4 +- charts/datadog/values.yaml | 4 +- test/datadog/process_agent_test.go | 80 +++++++++------------------ 6 files changed, 37 insertions(+), 61 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d9923af94..a950a35c5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.84.0 + +* Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. + ## 3.83.1 * Add /sys/fs/bpf to system-probe volume mounts diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6add375c6..3130a881a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.83.1 +version: 3.84.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c4243577b..83a3d6d4e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.83.1](https://img.shields.io/badge/Version-3.83.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.84.0](https://img.shields.io/badge/Version-3.84.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -811,7 +811,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | +| datadog.processAgent.runInCoreAgent | bool | `true` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.60.0+ and Linux. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index f069eed1f..596224db4 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -10,7 +10,7 @@ {{- $version = "6.55.1" -}} {{- end -}} {{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} -{{- $version = "7.58.1" -}} +{{- $version = "7.59.0" -}} {{- end -}} {{- $version -}} {{- end -}} @@ -1011,7 +1011,7 @@ Create RBACs for custom resources false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} - {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.60.0-0" (include "get-agent-version" .)) -}} true {{- else -}} false diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 50c0c7aa2..8de044eec 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -691,8 +691,8 @@ datadog: processDiscovery: true # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. - ## This requires Agent 7.57.0+ and Linux. - runInCoreAgent: false + ## This requires Agent 7.60.0+ and Linux. + runInCoreAgent: true # datadog.processAgent.containerCollection -- Set this to true to enable container collection ## ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 09c042e2b..10946f82d 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -29,21 +29,22 @@ func Test_processAgentConfigs(t *testing.T) { assertions func(t *testing.T, manifest string) }{ { - name: "default", + name: "checks in process agent -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", }, }, - assertions: verifyDaemonsetMinimal, + assertions: verifyDaemonsetProcessAgentChecks, }, { - name: "default windows", + name: "checks in process agent -- windows", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -55,10 +56,10 @@ func Test_processAgentConfigs(t *testing.T) { "targetSystem": "windows", }, }, - assertions: verifyDaemonsetMinimalWindows, + assertions: verifyDaemonsetWindowsProcessAgentChecks, }, { - name: "all checks off", + name: "no checks -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -71,6 +72,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.containerCollection": "false", "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyChecksOff, @@ -90,45 +92,13 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", "datadog.networkMonitoring.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyOnlyNetworkMonitoringEnabled, }, { - name: "enable process checks in core agent -- linux with default version", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "datadog.processAgent.processCollection": "true", - }, - }, - assertions: verifyLinuxRunInCoreAgent, - }, - { - name: "enable process checks in core agent -- linux with latest version", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "datadog.processAgent.processCollection": "true", - "agents.image.tag": "latest", - }, - }, - assertions: verifyLinuxRunInCoreAgent, - }, - { - name: "enable process checks in core agent -- linux with version 7", + name: "enable process checks in core agent -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -139,7 +109,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "datadog.processAgent.runInCoreAgent": "true", "datadog.processAgent.processCollection": "true", - "agents.image.tag": "7", + "agents.image.tag": "7.60.0", }, }, assertions: verifyLinuxRunInCoreAgent, @@ -156,9 +126,10 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "targetSystem": "windows", "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.60.0", }, }, - assertions: verifyDaemonsetMinimalWindows, + assertions: verifyDaemonsetWindowsProcessAgentChecks, }, { name: "orchestrator enabled - latest version", @@ -175,6 +146,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", "datadog.orchestratorExplorer.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyOrchestratorEnabledLatest, @@ -207,10 +179,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.tag": "7.52.0", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -223,10 +195,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -279,7 +251,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "datadog.processAgent.runInCoreAgent": "true", "datadog.processAgent.processCollection": "true", - "agents.image.tag": "7.57", + "agents.image.tag": "7.60.0", "datadog.apm.instrumentation.language_detection.enabled": "true", "datadog.apm.instrumentation.enabled": "true", }, @@ -297,7 +269,7 @@ func Test_processAgentConfigs(t *testing.T) { } } -func verifyDaemonsetMinimal(t *testing.T, manifest string) { +func verifyDaemonsetProcessAgentChecks(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") @@ -315,7 +287,7 @@ func verifyDaemonsetMinimal(t *testing.T, manifest string) { assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } -func verifyDaemonsetMinimalWindows(t *testing.T, manifest string) { +func verifyDaemonsetWindowsProcessAgentChecks(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") From 9f509a263a48ddfffc323928b33037c490b19bdc Mon Sep 17 00:00:00 2001 From: Rafael Melo de Oliveira Date: Thu, 19 Dec 2024 16:30:21 +0100 Subject: [PATCH 190/209] [release]: Synthetics Private Location 1.54.0 (#1646) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index a8bc6cf18..c63b178cd 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.5 + +* Update private location image version to `1.54.0`. + ## 0.17.4 * Update private location image version to `1.53.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 1effbb319..bea5e9485 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.4 -appVersion: 1.53.0 +version: 0.17.5 +appVersion: 1.54.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 7ea53f254..1396ee637 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.4](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square) +![Version: 0.17.5](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.53.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.54.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index e1bb1e48c..fa6a5c5df 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.53.0 + tag: 1.54.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 43b876a1de1cd7b84b72caa9f821cc22f555e9a8 Mon Sep 17 00:00:00 2001 From: Lout Philipps Date: Thu, 19 Dec 2024 16:35:27 +0100 Subject: [PATCH 191/209] Update README.md (#1647) --- charts/synthetics-private-location/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 1396ee637..7826f5972 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.5](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) +![Version: 0.17.5](https://img.shields.io/badge/Version-0.17.5-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). From 2c10d22acc48a5f5f36dac9c3efa03ebb644dbe8 Mon Sep 17 00:00:00 2001 From: aquiladayc <56868556+aquiladayc@users.noreply.github.com> Date: Fri, 20 Dec 2024 03:06:11 +0900 Subject: [PATCH 192/209] Remove deployments.apps example for resources tag option (#1615) * Remove deployments.apps example for resources tag option * Update README * update readme --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/values.yaml | 4 ---- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a950a35c5..7db2d99fa 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.84.1 + +* Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet + ## 3.84.0 * Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3130a881a..a4357b730 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.0 +version: 3.84.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 83a3d6d4e..cad18efbf 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.0](https://img.shields.io/badge/Version-3.84.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.84.1](https://img.shields.io/badge/Version-3.84.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 8de044eec..a3b72aa89 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -257,8 +257,6 @@ datadog: # datadog.kubernetesResourcesLabelsAsTags -- Provide a mapping of Kubernetes Resources Labels to Datadog Tags kubernetesResourcesLabelsAsTags: {} - # deployments.apps: - # x-team: team-from-label # pods: # x-ref: reference # namespaces: @@ -268,8 +266,6 @@ datadog: # datadog.kubernetesResourcesAnnotationsAsTags -- Provide a mapping of Kubernetes Resources Annotations to Datadog Tags kubernetesResourcesAnnotationsAsTags: {} - # deployments.apps: - # x-team: team-from-annotation # pods: # x-ann: annotation-reference # namespaces: From 9ac1574321787b917eecc8a5e1e12ef013fc26e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Fri, 20 Dec 2024 13:54:11 +0100 Subject: [PATCH 193/209] [datadog-operator] Update operator version to 1.11.1 (#1641) * before running baseline tests * baseline test * 1.11.1 --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 4 +- .../datadog-operator/templates/_helpers.tpl | 2 +- .../templates/clusterrole.yaml | 427 +----------------- charts/datadog-operator/values.yaml | 2 +- .../baseline/DatadogAgent_CRD_default.yaml | 363 ++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 6 +- .../operator_deployment_test.go | 2 +- 10 files changed, 391 insertions(+), 431 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index c0e157a71..f906c0f5f 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.5.0 + +* Update Datadog Operator version to 1.11.1. + ## 2.4.0 * Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 41fd2ccbd..e5aa3049e 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.2.0 -digest: sha256:42b9b7296f565f17f11adea26fa8cb003c0f01551a84793873a3ae6c73efedc2 -generated: "2024-11-08T14:03:54.721912-05:00" + version: 2.3.0 +digest: sha256:67db7e15aa50bde3e2e62273b71402d2e4302c71f13201c3646ee5865e236106 +generated: "2024-12-18T14:19:32.327237+01:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 1c88e1898..775805d90 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.4.0 -appVersion: 1.10.0 +version: 2.5.0 +appVersion: 1.11.1 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.2.0" + version: "=2.3.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 91a76093e..3ceba5808 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) +![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) ## Values @@ -33,7 +33,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.10.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.11.1"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index afc48dc57..50dc92353 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.10.0" }} +{{ "1.11.1" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1b7f4b2c4..79c245eb6 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -8,9 +8,6 @@ metadata: rules: - nonResourceURLs: - /metrics - verbs: - - get -- nonResourceURLs: - /metrics/slis verbs: - get @@ -18,26 +15,8 @@ rules: - "" resources: - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - deployments + - namespaces verbs: - get - list @@ -45,19 +24,13 @@ rules: - apiGroups: - "" resources: + - configmaps - endpoints - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - events + - pods + - secrets + - serviceaccounts + - services verbs: - create - delete @@ -70,17 +43,13 @@ rules: - "" resources: - limitranges + - persistentvolumeclaims + - persistentvolumes + - replicationcontrollers + - resourcequotas verbs: - list - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -93,102 +62,11 @@ rules: - "" resources: - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - nodes/proxy - verbs: - - get -- apiGroups: - - "" - resources: - nodes/spec - verbs: - - get -- apiGroups: - - "" - resources: - nodes/stats verbs: - get -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - resourcequotas - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - '*' resources: @@ -205,6 +83,7 @@ rules: - '*' - apiGroups: - apiextensions.k8s.io + - extensions resources: - customresourcedefinitions verbs: @@ -222,17 +101,6 @@ rules: - apps resources: - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - deployments verbs: - create @@ -246,6 +114,7 @@ rules: - apps resources: - replicasets + - statefulsets verbs: - get - list @@ -257,14 +126,6 @@ rules: verbs: - list - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - apiGroups: - apps - extensions @@ -285,48 +146,18 @@ rules: - apiGroups: - authorization.k8s.io resources: - - clusterrolebindings + - subjectaccessreviews verbs: - create - - delete - get - - list - - patch - - update - - watch - apiGroups: - authorization.k8s.io + - rbac.authorization.k8s.io + - roles.rbac.authorization.k8s.io resources: + - clusterrolebindings - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - - pods/exec - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - roles verbs: - create @@ -336,13 +167,6 @@ rules: - patch - update - watch -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - apiGroups: - autoscaling resources: @@ -361,13 +185,6 @@ rules: - batch resources: - cronjobs - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - jobs verbs: - get @@ -408,18 +225,12 @@ rules: - datadoghq.com resources: - datadogagents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - datadogagents/finalizers + - datadogmonitors + - datadogmonitors/finalizers + - datadogslos + - datadogslos/finalizers + - extendeddaemonsets verbs: - create - delete @@ -432,19 +243,12 @@ rules: - datadoghq.com resources: - datadogagents/status + - datadogmonitors/status + - datadogslos/status verbs: - get - patch - update -- apiGroups: - - datadoghq.com - resources: - - datadogmetrics - verbs: - - create - - delete - - list - - watch - apiGroups: - datadoghq.com resources: @@ -454,97 +258,25 @@ rules: - apiGroups: - datadoghq.com resources: - - datadogmonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogmonitors/finalizers + - datadogmetrics verbs: - create - delete - - get - list - - patch - - update - watch -- apiGroups: - - datadoghq.com - resources: - - datadogmonitors/status - verbs: - - get - - patch - - update - apiGroups: - datadoghq.com resources: - datadogpodautoscalers - verbs: - - '*' -- apiGroups: - - datadoghq.com - resources: - datadogpodautoscalers/status verbs: - '*' -- apiGroups: - - datadoghq.com - resources: - - datadogslos - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/status - verbs: - - get - - patch - - update - apiGroups: - datadoghq.com resources: - extendeddaemonsetreplicasets verbs: - get -- apiGroups: - - datadoghq.com - resources: - - extendeddaemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - datadoghq.com resources: @@ -553,13 +285,6 @@ rules: - get - list - watch -- apiGroups: - - extensions - resources: - - customresourcedefinitions - verbs: - - list - - watch - apiGroups: - external.metrics.k8s.io resources: @@ -599,14 +324,6 @@ rules: - patch - update - watch -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - get - - list - - watch - apiGroups: - quota.openshift.io resources: @@ -614,102 +331,6 @@ rules: verbs: - get - list -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - security.openshift.io resourceNames: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 31f8ecd9c..9881b8687 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.10.0 + tag: 1.11.1 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 2b46bb5d6..0a364f99e 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -4,10 +4,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.2.0' + helm.sh/chart: 'datadogCRDs-2.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -71,6 +71,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -95,6 +96,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -133,6 +135,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -155,6 +158,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -202,11 +207,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -226,11 +233,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -254,10 +263,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -778,6 +797,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -791,6 +815,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -881,6 +907,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -919,6 +946,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -978,6 +1006,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -1000,6 +1029,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1038,6 +1069,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1076,6 +1108,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1136,11 +1169,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1171,6 +1206,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1189,6 +1226,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1227,11 +1267,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1243,11 +1285,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1258,6 +1302,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1274,11 +1319,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1290,14 +1337,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1323,17 +1373,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1347,11 +1409,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1362,6 +1426,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1375,6 +1440,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1391,17 +1457,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1415,11 +1493,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1430,12 +1510,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1457,17 +1539,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1481,11 +1575,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1496,6 +1592,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1509,6 +1606,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1525,17 +1623,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1549,11 +1659,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1564,12 +1676,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1605,6 +1719,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1643,6 +1758,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1669,6 +1785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1679,6 +1796,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1699,6 +1817,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1751,6 +1870,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1761,6 +1881,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1781,6 +1902,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1828,6 +1950,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1889,16 +2013,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1946,6 +2081,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1957,6 +2173,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1972,6 +2190,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2012,6 +2232,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2021,10 +2242,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2042,6 +2265,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2080,6 +2304,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2101,6 +2326,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2111,6 +2337,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2194,6 +2421,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2218,6 +2446,15 @@ spec: type: integer securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2256,6 +2493,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2268,6 +2508,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2347,10 +2588,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2374,6 +2617,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2383,6 +2627,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2400,6 +2645,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2428,7 +2674,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2443,6 +2691,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2498,6 +2747,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2522,6 +2772,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2551,18 +2802,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2593,11 +2832,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2606,6 +2847,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2628,10 +2871,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2648,6 +2893,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2707,6 +2953,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2720,6 +2973,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2728,11 +2982,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2794,6 +3050,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2811,7 +3106,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2857,6 +3154,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2875,7 +3173,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2895,6 +3195,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2921,22 +3222,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2945,6 +3251,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2955,12 +3262,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2993,6 +3302,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3007,6 +3317,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3240,6 +3551,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3264,6 +3576,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3302,6 +3615,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3324,6 +3638,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3371,11 +3687,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3395,11 +3713,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3423,10 +3743,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3947,6 +4277,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index cd52a9683..882c74159 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.3.0 + helm.sh/chart: datadog-operator-2.5.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.10.0" + image: "gcr.io/datadoghq/operator:1.11.1" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index d97cad2a5..47184d4ad 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -104,7 +104,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.10.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.11.1", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } From 4e863bcdf063dc25b2f6cb8a98909970a0d57d94 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Fri, 20 Dec 2024 10:55:00 -0500 Subject: [PATCH 194/209] Add helm option to enable kubernetesUseEndpointSlices and add endpointslices to DCA RBAC (#1636) * Added kubernetesUseEndpointSlices config option and endpointslices to DCA RBAC * Removed DS_Store from tracked files * Version bump in readme * Set endpointslices as default in RBAC --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/cluster-agent-deployment.yaml | 2 ++ charts/datadog/templates/cluster-agent-rbac.yaml | 8 ++++++++ charts/datadog/values.yaml | 3 +++ 6 files changed, 21 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7db2d99fa..c4d6d3a9b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.84.2 + +* Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. +* Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. + ## 3.84.1 * Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a4357b730..6f16cf41d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.1 +version: 3.84.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cad18efbf..8a8bde5fd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.1](https://img.shields.io/badge/Version-3.84.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.84.2](https://img.shields.io/badge/Version-3.84.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -775,6 +775,7 @@ helm install \ | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | +| datadog.kubernetesUseEndpointSlices | bool | `false` | Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 1eb9c4fbb..ba12cf523 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -324,6 +324,8 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: {{ .Values.datadog.kubernetesUseEndpointSlices | quote }} - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 2da18ea9b..c434827f4 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -29,6 +29,14 @@ rules: - list - watch - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch - apiGroups: ["quota.openshift.io"] resources: - clusterresourcequotas diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index a3b72aa89..882a8fb52 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -386,6 +386,9 @@ datadog: ## ref: https://docs.datadoghq.com/agent/kubernetes/#event-collection collectEvents: true + # datadog.kubernetesUseEndpointSlices -- Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). + kubernetesUseEndpointSlices: false + # Configure Kubernetes events collection kubernetesEvents: # datadog.kubernetesEvents.sourceDetectionEnabled -- Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). From 406d5f0b649804fa6931c754ab9929fa7beb97eb Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos <91925154+gabedos@users.noreply.github.com> Date: Fri, 20 Dec 2024 14:19:27 -0500 Subject: [PATCH 195/209] [CONTP-519] Support K8s admin events (#1639) * Support K8s admin events * Bump conflict * Undo formatting * Update README.md * Update CHANGELOG.md * Update version --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/README.md | 1 + charts/datadog/templates/cluster-agent-deployment.yaml | 4 ++++ charts/datadog/values.yaml | 4 ++++ 4 files changed, 13 insertions(+) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index c4d6d3a9b..4c65aedd6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.84.3 + +* Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. + ## 3.84.2 * Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 8a8bde5fd..43ebfd355 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -575,6 +575,7 @@ helm install \ | clusterAgent.admissionController.cwsInstrumentation.mode | string | `"remote_copy"` | Mode defines how the CWS Instrumentation should behave. Options are "remote_copy" or "init_container" | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | +| clusterAgent.admissionController.kubernetesAdmissionEvents.enabled | bool | `false` | Enable the Kubernetes Admission Events feature. | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | | clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | | clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index ba12cf523..36233b62d 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -258,6 +258,10 @@ spec: - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE value: {{ .Values.clusterAgent.admissionController.cwsInstrumentation.mode | quote }} {{- end }} + {{- if .Values.clusterAgent.admissionController.kubernetesAdmissionEvents.enabled }} + - name: DD_ADMISSION_CONTROLLER_KUBERNETES_ADMISSION_EVENTS_ENABLED + value: "true" + {{- end }} {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 882a8fb52..647fc43d9 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1215,6 +1215,10 @@ clusterAgent: # Options are "remote_copy" or "init_container" mode: remote_copy + kubernetesAdmissionEvents: + # clusterAgent.admissionController.kubernetesAdmissionEvents.enabled -- Enable the Kubernetes Admission Events feature. + enabled: false + agentSidecarInjection: # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. From 19de1bf99edcb3d91a52e8217e60dacd7ae23bb9 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Tue, 24 Dec 2024 10:25:13 +0100 Subject: [PATCH 196/209] fix(datadog): version 3.84.3 was not created properly (#1650) --- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6f16cf41d..a82f76d00 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.2 +version: 3.84.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 43ebfd355..6142fa54f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.2](https://img.shields.io/badge/Version-3.84.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.84.3](https://img.shields.io/badge/Version-3.84.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). From 0e76dce7f200942e54701f9ebadb9ae5cc188095 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Tue, 24 Dec 2024 14:48:42 +0100 Subject: [PATCH 197/209] fix(datadog): propagate datadog.site option to the otelCollector config (#1649) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_otel_agent_config.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 4c65aedd6..f75a32aad 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.84.4 + +* Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. + ## 3.84.3 * Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a82f76d00..faeb010ca 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.3 +version: 3.84.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6142fa54f..85e1d53d4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.3](https://img.shields.io/badge/Version-3.84.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.84.4](https://img.shields.io/badge/Version-3.84.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_otel_agent_config.yaml b/charts/datadog/templates/_otel_agent_config.yaml index dd18d93c4..f0edd35c3 100644 --- a/charts/datadog/templates/_otel_agent_config.yaml +++ b/charts/datadog/templates/_otel_agent_config.yaml @@ -21,6 +21,7 @@ otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Valu datadog: api: key: ${env:DD_API_KEY} + site: {{ .Values.datadog.site | default "" | quote }} processors: infraattributes: cardinality: 2 From 2c09b7d07fb9a5922e7f4c30bc11bed20860889b Mon Sep 17 00:00:00 2001 From: Guy Arbitman Date: Tue, 24 Dec 2024 20:42:47 +0200 Subject: [PATCH 198/209] [USMON-1389] service discovery: Add support (#1645) * service discovery: Add support * Wip --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/NOTES.txt | 2 +- charts/datadog/templates/_helpers.tpl | 2 +- charts/datadog/templates/system-probe-configmap.yaml | 4 ++++ charts/datadog/values.yaml | 4 ++++ 7 files changed, 17 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f75a32aad..91a1d2980 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.85.0 + +* Add `datadog.discovery.enabled` configuration to control service-discovery + ## 3.84.4 * Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index faeb010ca..782bacb49 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.4 +version: 3.85.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 85e1d53d4..519a822a3 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.4](https://img.shields.io/badge/Version-3.84.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.85.0](https://img.shields.io/badge/Version-3.85.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -730,6 +730,7 @@ helm install \ | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | | datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | +| datadog.discovery.enabled | bool | `nil` | Enable Service Discovery | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 1978f03df..031e571b2 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -352,7 +352,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} {{- end }} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 596224db4..1d8b6819d 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -331,7 +331,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im Return true if a system-probe feature is enabled. */}} {{- define "system-probe-feature" -}} -{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled -}} +{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled -}} true {{- else -}} false diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 4897b7bb9..d769235d2 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -43,6 +43,10 @@ data: conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }} service_monitoring_config: enabled: {{ $.Values.datadog.serviceMonitoring.enabled }} + {{- if not (eq .Values.datadog.discovery.enabled nil) }} + discovery: + enabled: {{ $.Values.datadog.discovery.enabled }} + {{- end }} runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 647fc43d9..248f22c0d 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -824,6 +824,10 @@ datadog: # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring enabled: false + discovery: + # datadog.discovery.enabled -- (bool) Enable Service Discovery + enabled: # false + # Software Bill of Materials configuration sbom: containerImage: From 00764dcde88fa53922a63d11ab045f7868f3fa2a Mon Sep 17 00:00:00 2001 From: Wassim Dhif Date: Fri, 27 Dec 2024 15:37:47 +0100 Subject: [PATCH 199/209] feat(admission): add delete RBAC for datadog-webhook (#1651) Signed-off-by: Wassim DHIF --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/cluster-agent-rbac.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 91a1d2980..e97be723a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,8 +1,12 @@ # Datadog changelog +## 3.86.0 + +* Add `delete` permission for `datadog-webhook` Admission Registration RBACs. + ## 3.85.0 -* Add `datadog.discovery.enabled` configuration to control service-discovery +* Add `datadog.discovery.enabled` configuration to control service-discovery. ## 3.84.4 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 782bacb49..527f24ac7 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.85.0 +version: 3.86.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 519a822a3..d472512bc 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.85.0](https://img.shields.io/badge/Version-3.85.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.86.0](https://img.shields.io/badge/Version-3.86.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index c434827f4..8bf355ebb 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -257,7 +257,7 @@ rules: - mutatingwebhookconfigurations resourceNames: - {{ .Values.clusterAgent.admissionController.webhookName | quote }} - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: - admissionregistration.k8s.io resources: From a2f2932fa823631390dd574f5d20b93dab0853e9 Mon Sep 17 00:00:00 2001 From: Jaime Fullaondo Date: Mon, 30 Dec 2024 16:06:16 +0400 Subject: [PATCH 200/209] [datadog] otel-agent: the otel-agent should be launched with --core-config (#1653) * [datadog] otel-agent: the otel-agent should be launched with --core-config switch * [datadog] otel-agent: bump minor and more detailed changelog message --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-otel-agent.yaml | 4 ++-- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e97be723a..4f321d683 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.87.0 + +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. + ## 3.86.0 * Add `delete` permission for `datadog-webhook` Admission Registration RBACs. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 527f24ac7..e498fa421 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.86.0 +version: 3.87.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d472512bc..ed41fc206 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.86.0](https://img.shields.io/badge/Version-3.86.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.87.0](https://img.shields.io/badge/Version-3.87.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index 16e56bbe2..193748157 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -3,10 +3,10 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{- if eq .Values.targetSystem "linux" }} - command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml"] + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] {{- end -}} {{- if eq .Values.targetSystem "windows" }} - command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/datadog.yaml"] + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] {{- end -}} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} resources: From f3adc53910f3d9e0c9b893bc0c45b5ac6e746b33 Mon Sep 17 00:00:00 2001 From: Merchrist <99204620+merchristK@users.noreply.github.com> Date: Tue, 7 Jan 2025 20:39:16 +0100 Subject: [PATCH 201/209] [ACTP] Bump runner version to v0.1.10-beta (#1660) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 8a5eb8488..0307f7a95 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.4 + +* Update private action image version to `v0.1.10-beta` + ## 0.15.3 * Update private action image version to `v0.1.9-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index c8eedbc6e..e0a6d1dc4 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.3 +version: 0.15.4 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 2971dffb0..e95c90477 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.3](https://img.shields.io/badge/Version-0.15.3-informational?style=flat-square) ![AppVersion: v0.1.9-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.9-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.10-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 7d2e219b3..be874474a 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.3](https://img.shields.io/badge/Version-0.15.3-informational?style=flat-square) ![AppVersion: v0.1.9-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 0403a983b..5fefaa9cf 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.9-beta + tag: v0.1.10-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 42959b880..a6842ac84 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.9-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index c94556425..0f68c4cc1 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.9-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" imagePullPolicy: IfNotPresent ports: - name: http From c5e55a5253ef6f1d2dd83ea463e8ef2df95d1fa8 Mon Sep 17 00:00:00 2001 From: Mark Spicer Date: Wed, 8 Jan 2025 16:33:05 -0500 Subject: [PATCH 202/209] feat(datadog): allow setting injector version (#1659) Co-authored-by: clamoriniere --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/cluster-agent-deployment.yaml | 4 ++++ charts/datadog/values.yaml | 5 +++++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 4f321d683..1aa76e322 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.87.1 + +* Add the ability to set the image tag to use for the APM Injector. + ## 3.87.0 * Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e498fa421..4551d5fe9 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.87.0 +version: 3.87.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index ed41fc206..c154ed45f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.87.0](https://img.shields.io/badge/Version-3.87.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.87.1](https://img.shields.io/badge/Version-3.87.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -695,6 +695,7 @@ helm install \ | datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | | datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | | datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.injector.imageTag | string | `""` | The image tag to use for the APM Injector (preview). | | datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | | datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 36233b62d..08925e9b0 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -281,6 +281,10 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.apm.instrumentation.injector.imageTag }} + - name: DD_APM_INSTRUMENTATION_INJECTOR_IMAGE_TAG + value: {{ .Values.datadog.apm.instrumentation.injector.imageTag | quote }} + {{- end }} {{- if .Values.datadog.asm.threats.enabled }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED value: "true" diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 248f22c0d..3cc942751 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -533,6 +533,11 @@ datadog: # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). enabled: true + # This feature is in preview. It requires Cluster Agent 7.57+. + injector: + # datadog.apm.instrumentation.injector.imageTag -- The image tag to use for the APM Injector (preview). + imageTag: "" + ## Application Security Managment (ASM) configuration ## ## ASM is disabled by default and can be enabled by setting the various `enabled` fields to `true` under the `datadog.asm` section. From 4a45732dcf5131d40bcd4b709370d5d0cbfc9f3b Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 9 Jan 2025 13:19:46 -0500 Subject: [PATCH 203/209] [datadog-operator] expose CRD-specific watch namespace settings (#1652) --- charts/datadog-operator/CHANGELOG.md | 4 ++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 8 ++- .../templates/deployment.yaml | 16 ++++++ charts/datadog-operator/values.yaml | 49 +++++++++++++++++++ .../operator_deployment_test.go | 44 +++++++++++++++++ 6 files changed, 120 insertions(+), 3 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index f906c0f5f..a7ed55f0a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.5.1 + +* Expose CRD-specific namespace watch configuration added in Operator 1.8.0 release. + ## 2.5.0 * Update Datadog Operator version to 1.11.1. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 775805d90..23065c712 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.5.0 +version: 2.5.1 appVersion: 1.11.1 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 3ceba5808..2e67681f0 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) +![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) ## Values @@ -60,7 +60,11 @@ | tolerations | list | `[]` | Allows to schedule Datadog Operator on tainted nodes | | volumeMounts | list | `[]` | Specify additional volumes to mount in the container | | volumes | list | `[]` | Specify additional volumes to mount in the container | -| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces | +| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces unless CRD-specific watchNamespaces properties are set | +| watchNamespacesAgent | list | `[]` | Restricts the Operator to watch DatadogAgent resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesAgentProfile | list | `[]` | Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesMonitor | list | `[]` | Restricts the Operator to watch DatadogMonitor resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesSLO | list | `[]` | Restricts the Operator to watch DatadogSLO resources on specific namespaces. Requires v1.8.0+ | ## How to configure which namespaces are watched by the Operator. diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 1bb1b1322..6532eb07c 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -62,6 +62,22 @@ spec: fieldRef: fieldPath: metadata.namespace {{- end }} + {{- if .Values.watchNamespacesAgent }} + - name: DD_AGENT_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgent | join "," }} + {{- end }} + {{- if .Values.watchNamespacesMonitor }} + - name: DD_MONITOR_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesMonitor | join "," }} + {{- end }} + {{- if .Values.watchNamespacesSLO }} + - name: DD_SLO_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesSLO | join "," }} + {{- end }} + {{- if .Values.watchNamespacesAgentProfile }} + - name: DD_AGENT_PROFILE_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgentProfile | join "," }} + {{- end }} - name: POD_NAME valueFrom: fieldRef: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 9881b8687..d2c1be14e 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -157,6 +157,7 @@ podLabels: {} collectOperatorMetrics: true # watchNamespaces -- Restricts the Operator to watch its managed resources on specific namespaces +# unless CRD-specific watchNamespaces properties are set watchNamespaces: [] # example: watch only two namespaces: # watchNamespaces: @@ -167,6 +168,54 @@ watchNamespaces: [] # watchNamespaces: # - "" +# watchNamespacesAgent -- Restricts the Operator to watch DatadogAgent resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgent: [] +# example: watch only two namespaces: +# watchNamespacesAgent: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgent: +# - "" + +# watchNamespacesMonitor -- Restricts the Operator to watch DatadogMonitor resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesMonitor: [] +# example: watch only two namespaces: +# watchNamespacesMonitor: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesMonitor: +# - "" + +# watchNamespacesSLO -- Restricts the Operator to watch DatadogSLO resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesSLO: [] +# example: watch only two namespaces: +# watchNamespacesSLO: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesSLO: +# - "" + +# watchNamespacesAgentProfile -- Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgentProfile: [] +# example: watch only two namespaces: +# watchNamespacesAgentProfile: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgentProfile: +# - "" + # containerSecurityContext -- A security context defines privileges and access control settings for a container. containerSecurityContext: {} diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 47184d4ad..9c6ffa94c 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -84,6 +84,23 @@ func Test_operator_chart(t *testing.T) { assertions: verifyLivenessProbeOverride, skipTest: SkipTest, }, + { + name: "Watch namespaces correctly set", + command: common.HelmCommand{ + ReleaseName: "datadog-operator", + ChartPath: "../../charts/datadog-operator", + ShowOnly: []string{"templates/deployment.yaml"}, + Values: []string{"../../charts/datadog-operator/values.yaml"}, + Overrides: map[string]string{ + "watchNamespaces": "{common1,common2}", + "watchNamespacesAgent": "{dda-ns}", + "watchNamespacesMonitor": "{monitor-ns}", + "watchNamespacesSLO": "{}", + }, + }, + assertions: verifyWatchNamespaces, + skipTest: SkipTest, + }, } for _, tt := range tests { @@ -131,3 +148,30 @@ func verifyLivenessProbeOverride(t *testing.T, manifest string) { assert.Equal(t, int32(20), operatorContainer.LivenessProbe.TimeoutSeconds) assert.Equal(t, int32(3), operatorContainer.LivenessProbe.FailureThreshold) } + +func verifyWatchNamespaces(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) + operatorContainer := deployment.Spec.Template.Spec.Containers[0] + watchNsEnv := FindEnvVarByName(operatorContainer.Env, "WATCH_NAMESPACE") + agentNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_WATCH_NAMESPACE") + monitorNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_MONITOR_WATCH_NAMESPACE") + sloNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_SLO_WATCH_NAMESPACE") + dapNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_PROFILE_WATCH_NAMESPACE") + + assert.Equal(t, "common1,common2", watchNsEnv.Value) + assert.Equal(t, "dda-ns", agentNsEnv.Value) + assert.Equal(t, "monitor-ns", monitorNsEnv.Value) + assert.Equal(t, "", sloNsEnv.Value) + assert.Nil(t, dapNsEnv) +} + +func FindEnvVarByName(envs []v1.EnvVar, name string) *v1.EnvVar { + for i, env := range envs { + if env.Name == name { + return &envs[i] + } + } + return nil +} From 788d28d504b08ca7d2db040c0e3f97e5ea323852 Mon Sep 17 00:00:00 2001 From: Vincent Whitchurch Date: Fri, 10 Jan 2025 11:02:01 +0100 Subject: [PATCH 204/209] Add host cgroup mount to system-probe (#1665) Co-authored-by: tbavelier <97530782+tbavelier@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-system-probe.yaml | 6 ++++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 1aa76e322..0f26e52f6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.87.2 + +* Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. + ## 3.87.1 * Add the ability to set the image tag to use for the APM Injector. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 4551d5fe9..d3be3547d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.87.1 +version: 3.87.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c154ed45f..29a39ff83 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.87.1](https://img.shields.io/badge/Version-3.87.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.87.2](https://img.shields.io/badge/Version-3.87.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index d3935459e..6e3127392 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -70,6 +70,12 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled }} + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} From 8c52de9aa7375c0998490ae212038bdf73caf2f6 Mon Sep 17 00:00:00 2001 From: Jennifer Chen <32009013+jennchenn@users.noreply.github.com> Date: Tue, 14 Jan 2025 10:36:20 -0500 Subject: [PATCH 205/209] [datadog] Update agents to version 7.61.0 (#1667) * Bump agent/cluster agent version 7.61.0 * Run update test baselines --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 24 +- ...loyment_default_advanced_AC_injection.yaml | 24 +- ...ployment_default_minimal_AC_injection.yaml | 26 +- test/datadog/baseline/daemonset_default.yaml | 115 +-------- .../baseline/gdc_daemonset_default.yaml | 12 +- .../gdc_daemonset_logs_collection.yaml | 12 +- test/datadog/baseline/other_default.yaml | 223 ++++++------------ 13 files changed, 168 insertions(+), 302 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0f26e52f6..61c6024e5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.88.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.61.0`. + ## 3.87.2 * Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d3be3547d..63952f8db 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.87.2 +version: 3.88.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 29a39ff83..b2cefd2fc 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.87.2](https://img.shields.io/badge/Version-3.87.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.0](https://img.shields.io/badge/Version-3.88.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.61.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -607,7 +607,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.61.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -661,7 +661,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.61.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 3cc942751..c42ff51cd 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1029,7 +1029,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.59.0 + tag: 7.61.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1545,7 +1545,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.59.0 + tag: 7.61.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2051,7 +2051,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.59.0 + tag: 7.61.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 882c74159..a1e2c5a8e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.5.0 + helm.sh/chart: datadog-operator-2.5.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f0d675e83..d14249794 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 37a2772ca63263767c6e7068e0045e49adbc15740749bda902e911cd80f1b43a + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 20f97b46b..54b4028fb 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: 406b54942cb117c07edbdf779143465270e695ae181ac7cb1510d7f51938bcba + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -133,6 +141,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 567fca801..e16a33377 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: 795ee1c256c20770693733bfa713d5614c1eea95d15e8141b6fa8a4894f81557 + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -147,6 +155,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 6421f7579..90137e113 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: 4a9ef7efc38cb1ca3eebf80fe91e7447283866158f242d3e1f6f4fcde674bf0e + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -122,7 +130,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.59.0 + value: 7.61.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -143,6 +151,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 15abb4696..b664d3644 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: c456fcb1ef3669e17f99562f9daff2c69a0b63a382b597db38525e2169dff3da + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -87,7 +87,7 @@ spec: - name: DD_STRIP_PROCESS_ARGS value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" + value: "true" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -173,6 +173,9 @@ spec: mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true livenessProbe: failureThreshold: 6 httpGet: @@ -204,7 +207,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -310,105 +313,9 @@ spec: tcpSocket: port: 8126 timeoutSeconds: 5 - - name: process-agent - image: "gcr.io/datadoghq/agent:7.59.0" - imagePullPolicy: IfNotPresent - command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] - resources: - {} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_SYSTEM_PROBE_ENABLED - value: "false" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -420,7 +327,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 829e5c79f..c8612e188 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: bea41cde459ee76a26104fde88acde58e9cddfd64e19dde2f473bd471617a9bf + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -188,7 +188,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -200,7 +200,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 46d33c986..1a809c125 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: b876b950a97ece20cb3ec3849c48e7b38822786a117db182b10fcef4fd038fcb + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -200,7 +200,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -212,7 +212,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index b203ba643..f6b4161bc 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.88.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.88.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" + token: "T0UwV1F3NzlTTjlVaDJzekhrSGdZczc1VnQzYThTMnY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.79.0 + installer_version: datadog-3.88.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" - install_time: "1731360232" + install_id: "3e55a44e-ebf1-4c36-9d60-8d5a88c2c279" + install_time: "1736806509" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -229,6 +229,14 @@ rules: - list - watch - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch - apiGroups: ["quota.openshift.io"] resources: - clusterresourcequotas @@ -388,7 +396,7 @@ rules: - mutatingwebhookconfigurations resourceNames: - "datadog-webhook" - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: - admissionregistration.k8s.io resources: @@ -416,7 +424,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +520,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +568,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +588,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +608,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +629,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +648,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +665,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +687,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +708,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +731,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +753,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.88.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +779,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.88.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +808,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +832,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 8b856ec67f8792fa8141d5d88a721a5155de2227792a4c61fd221b5c6689df5d + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -836,7 +844,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -881,7 +889,7 @@ spec: - name: DD_STRIP_PROCESS_ARGS value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" + value: "true" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -968,6 +976,9 @@ spec: mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true livenessProbe: failureThreshold: 6 httpGet: @@ -999,7 +1010,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1105,105 +1116,9 @@ spec: tcpSocket: port: 8126 timeoutSeconds: 5 - - name: process-agent - image: "gcr.io/datadoghq/agent:7.59.0" - imagePullPolicy: IfNotPresent - command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] - resources: - {} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_SYSTEM_PROBE_ENABLED - value: "false" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1215,7 +1130,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: - bash @@ -1321,7 +1236,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1351,8 +1266,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 3653c2cfb1aae823a7f36aedc8380741670bfb9f18758132cb208d45d1cd0b6b + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1360,7 +1275,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1372,7 +1287,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1385,7 +1300,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.61.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1513,7 +1428,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.88.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1543,15 +1458,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 - checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 42324d7b2e100268673aa3a6b356ff7b191a437d121680f69bd6f00761336c22 + checksum/clusteragent-configmap: c0fbaef09d8f108962e862318211303e8039aed3e6e95697fc23cb2c3894e5ea + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent command: - cp @@ -1564,7 +1479,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.61.0" imagePullPolicy: IfNotPresent resources: {} @@ -1583,6 +1498,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -1600,6 +1519,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -1640,6 +1563,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME From e1eb9cce7385081a5e432877a59879cc4873694e Mon Sep 17 00:00:00 2001 From: Bruce Guenter Date: Tue, 14 Jan 2025 11:13:31 -0600 Subject: [PATCH 206/209] [observability-pipelines-worker] 2.2.3 release (#1669) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 8343fb4c1..67f6ead8f 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.3 + +* Official image `2.2.3` + ## 2.2.2 * Official image `2.2.2` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 5029e59d3..68e606a8f 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.2" +version: "2.2.3" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.2" +appVersion: "2.2.3" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 45a1b3c03..c269a1d37 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Version: 2.2.3](https://img.shields.io/badge/Version-2.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.2"` | Specify the image tag to use. | +| image.tag | string | `"2.2.3"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 12db3e3ea..965f7c6f0 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.2 + tag: 2.2.3 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 6c0d4b1a04263964d195ddc51da1df488f7240f9 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 15 Jan 2025 15:04:12 -0500 Subject: [PATCH 207/209] Disable SBOM monitoring features for GKE Autopilot (#1666) * Disable SBOM monitoring features for GKE Autopilot * simplify if cond * fix os-release-file volume --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 16 +++++++++++++++- charts/datadog/templates/_container-agent.yaml | 6 +++--- .../templates/_daemonset-volumes-linux.yaml | 4 ++-- charts/datadog/templates/_helpers.tpl | 13 ++++++++++++- 7 files changed, 38 insertions(+), 9 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 61c6024e5..f68abe996 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.88.1 + +* Disable SBOM monitoring features for GKE Autopilot, as they are not supported + ## 3.88.0 * Set default `Agent` and `Cluster-Agent` version to `7.61.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 63952f8db..efb7731a7 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.0 +version: 3.88.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b2cefd2fc..7a23574f9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.0](https://img.shields.io/badge/Version-3.88.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.1](https://img.shields.io/badge/Version-3.88.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 031e571b2..692d62f9b 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -424,6 +424,20 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} + +####################################################################################### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +####################################################################################### + +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. + +{{- end }} + +{{- end }} + {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} ################################################################################### @@ -534,7 +548,7 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} -{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") .Values.datadog.sbom.host.enabled }} +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-sbom-host-fs-collection" .) "true") }} ################################################################# #### ERROR: Configuration notice #### ################################################################# diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 151e1cebd..b356b010c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -170,7 +170,7 @@ - name: DD_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" {{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }} @@ -188,7 +188,7 @@ {{- end }} {{- end }} {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: DD_SBOM_HOST_ENABLED value: "true" - name: HOST_ROOT @@ -292,7 +292,7 @@ mountPath: /host/var/lib/docker readOnly: true {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir mountPath: /host/var/lib/apk readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 4a2251f65..d4ec7904f 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -22,7 +22,7 @@ path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") .Values.datadog.sbom.host.enabled) }} +{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-sbom-host-fs-collection" .) "true")) }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -161,7 +161,7 @@ path: /var/lib/docker name: host-docker-dir {{- end }} -{{- if .Values.datadog.sbom.host.enabled }} +{{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: path: /var/lib/apk name: host-apk-dir diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 1d8b6819d..e372dd9a5 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -954,7 +954,7 @@ Create RBACs for custom resources Return true if SBOM collection for container image is enabled */}} {{- define "should-enable-sbom-container-image-collection" -}} - {{- if .Values.datadog.sbom.containerImage.enabled -}} + {{- if and (.Values.datadog.sbom.containerImage.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} {{- if not (eq (include "should-enable-container-image-collection" .) "true") -}} {{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} @@ -964,6 +964,17 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Return true if SBOM collection for host filesystems is enabled +*/}} +{{- define "should-enable-sbom-host-fs-collection" -}} + {{- if and (.Values.datadog.sbom.host.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if language detection feature is enabled */}} From ef80e815573b343d22bbf905b2ee650e4475e94c Mon Sep 17 00:00:00 2001 From: kylemurphycambia <48843826+kylemurphycambia@users.noreply.github.com> Date: Mon, 20 Jan 2025 01:28:50 -0800 Subject: [PATCH 208/209] [synthetics-private-location] Add service account annotations (#1658) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 3 ++- .../templates/service_account.yaml | 4 ++++ charts/synthetics-private-location/values.yaml | 2 ++ 5 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index c63b178cd..6e417352f 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.6 + +* Add optional annotations for service account. + ## 0.17.5 * Update private location image version to `1.54.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index bea5e9485..7d230dc66 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.5 +version: 0.17.6 appVersion: 1.54.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 7826f5972..ca6824c55 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.5](https://img.shields.io/badge/Version-0.17.5-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) +![Version: 0.17.6](https://img.shields.io/badge/Version-0.17.6-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -53,6 +53,7 @@ helm install datadog/synthetics-private-location --set-file confi | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | +| serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set name is generated using the fullname template | | tolerations | list | `[]` | Allows to schedule Datadog Synthetics Private Location on tainted nodes | diff --git a/charts/synthetics-private-location/templates/service_account.yaml b/charts/synthetics-private-location/templates/service_account.yaml index e4b556b71..0f6caa868 100644 --- a/charts/synthetics-private-location/templates/service_account.yaml +++ b/charts/synthetics-private-location/templates/service_account.yaml @@ -5,4 +5,8 @@ metadata: name: {{ template "synthetics-private-location.serviceAccountName" . }} labels: {{ include "synthetics-private-location.labels" . | indent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end -}} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index fa6a5c5df..c92dfd539 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -34,6 +34,8 @@ serviceAccount: create: true # serviceAccount.name -- The name of the service account to use. If not set name is generated using the fullname template name: "" + # serviceAccount.annotations -- Annotations for the service account + annotations: {} # Create a ConfigMap containing the PEM files of your custom CA Root certificate # Then add it as an extra volume mounted on /etc/datadog/certs/ From e6e28bc8bf3c66c2f78c4daf163f3d29d0dafe66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:45:26 +0100 Subject: [PATCH 209/209] do not run process check in core agent on autopilot (#1674) * do not run process check in core agent on autopilot * fix templating to exit early if condition is satisfied --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_helpers.tpl | 5 ++--- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f68abe996..8fc60105d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.88.2 + +* Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. + ## 3.88.1 * Disable SBOM monitoring features for GKE Autopilot, as they are not supported diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index efb7731a7..41fa76a22 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.1 +version: 3.88.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7a23574f9..ebdd00a88 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.1](https://img.shields.io/badge/Version-3.88.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.2](https://img.shields.io/badge/Version-3.88.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index e372dd9a5..0cebfd456 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -1015,10 +1015,9 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if .Values.providers.gke.gdc -}} + {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} false - {{- end -}} - {{- if ne .Values.targetSystem "linux" -}} + {{- else if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}}