diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl
index d8f743ee0..5622b42e6 100644
--- a/charts/datadog/templates/_helpers.tpl
+++ b/charts/datadog/templates/_helpers.tpl
@@ -961,7 +961,10 @@ Create RBACs for custom resources
 Return true if any process-related check is enabled
 */}}
 {{- define "process-checks-enabled" -}}
- {{- if and (or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true")) (not .Values.providers.gke.gdc) -}}
+ {{- if .Values.providers.gke.gdc }}
+ false
+ {{- end -}}
+ {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}}
 true
 {{- else -}}
 false
@@ -983,14 +986,15 @@ Create RBACs for custom resources
 Returns true if process-related checks should run on the core agent.
 */}}
 {{- define "should-run-process-checks-on-core-agent" -}}
+ {{- if .Values.providers.gke.gdc -}}
+ false
+ {{- end -}}
 {{- if ne .Values.targetSystem "linux" -}}
 false
 {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}}
 {{- include "get-process-checks-in-core-agent-envvar" . -}}
 {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}}
 true
- {{- else if .Values.providers.gke.gdc }}
- false
 {{- else -}}
 false
 {{- end -}}
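Review bot: The new GDC guard in `process-checks-enabled` is a standalone `if … end` placed in front of a second `if`, and Go templates have no early return, so with `providers.gke.gdc` set the helper emits `false` followed by the output of the chain below it (for example `falsetrue`). Callers that test `eq (include …) "true"` still see a non-true value, but a comparison against `"false"` or any caller that prints the result gets a malformed string, and because this first guard opens with `}}` rather than `-}}` its `false` also carries leading whitespace. This guard decides whether process collection is turned on for GDC nodes, so it should not rely on a concatenated string happening to differ from `"true"`; fold it into the chain as `{{- if .Values.providers.gke.gdc -}}`, `false`, `{{- else if or … -}}`. The same standalone guard is repeated in `should-run-process-checks-on-core-agent` and in `should-enable-process-agent` (next hunk), where it should likewise become the first branch of the existing `if`/`else if` chain.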
@@ -1000,14 +1004,15 @@ Create RBACs for custom resources
 Returns true if the process-agent container should be created.
 */}}
 {{- define "should-enable-process-agent" -}}
+ {{- if .Values.providers.gke.gdc -}}
+ false
+ {{- end -}}
 {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}}
 true
 {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}}
 true
 {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}}
 false
- {{- else if .Values.providers.gke.gdc }}
- false
 {{- else -}}
 {{- include "process-checks-enabled" . -}}
 {{- end -}}
diff --git a/template.yaml b/template.yaml
new file mode 100644
index 000000000..e7ef90ae2
--- /dev/null
+++ b/template.yaml
@@ -0,0 +1,521 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: system + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: 3a5278796ed08063bd1da0e97f08cc16bb3bd3a0ee73fc51a3b23d940a853976 + checksum/api_key: fd213c757088a1f4752772505883aa679ff511a8c8abb187d2ae952ba3171238 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + 
fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to 
/tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: 
DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + - name: process-agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] + resources: + {} + env: + - name: DD_API_KEY + valueFrom: + 
secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: 
passwd + mountPath: /etc/passwd + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: 
os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 48ea073c0..1c051983d 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.1.0 + helm.sh/chart: datadog-operator-2.2.0 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.9.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 00fc52a85..6f548e14f 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 7efa976c3ddd33fc2ff377977f40ac10df5f1d1d33765124d029f4190c34ce5c + checksum/clusteragent_token: 97908fd5bd80584873b67b13d029a272c9a17027e735330b662f04c3d7d5050c checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks 
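Review bot: `template.yaml` is added at the repository root as a 521-line rendered DaemonSet, and none of the test cases visible in this commit reference it, so it looks like leftover `helm template` output rather than a fixture. It is a non-GDC render (`hostPID: true`, hostPath volumes for `/proc`, `/etc/passwd` and `/var/run`) that sits outside `test/datadog/baseline/`, which can mislead readers and manifest scanners about what the chart ships. If it is unintentional, drop it from the commit; if it is needed, move it under the baseline directory and wire it to a test case.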
diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 60b5ff4f3..c16bb7e9c 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: a927dc2589059ac22a8567b9a9f13be5b564e116bad931f59fdb5cc7cf187b76 + checksum/clusteragent_token: b918cf7367a1e2fc52a8e0afbedc1b0c02df29a97fbfe3953d08681636531394 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 2b3280d55..ac6931c3b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d390c9a42ef29dbf3debb9e8d7d2db5cf849f3b3aaba4059f841b11e722f50b4 + checksum/clusteragent_token: 924363303ed1027567be4435eeb245e61844b44f728badeb3073ec752e2fc356 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 687874ee3..62ba4d846 100644 
--- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7c9b6064a5a3375d3a93d47d778bb84c5b82fbfcf2348419ec98f8edb0af0960 + checksum/clusteragent_token: 275e23303298a3d620063622071ec143ffcbe274a4b53416b428b5be9f271f6b checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 87d57f8bc..ce2169902 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 4a8a74c801aa18f91ab9ce4b074e6ad48234d98fd5513697eff57595f9ad030a + checksum/clusteragent_token: 01905d4e5606c62bbe2b5498c03cd61736ad85d2732cfb33d0ea31c9a5b2743d checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..aa8c9621b --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 02a7729d7892d74b95d5f3f8c5c143bae23b194a9209c06918057e7af3fea320 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false 
# Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + 
valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..718556612 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml 
@@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 498fec9691fd0b37cfa390d929d0008ec155d53a534dff25c955c23461603f03 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # 
Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT 
+ value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index c96ddd7f5..486e05479 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "TnlnSHRsTXpxUkFtN0tEVGtSZEVvanh2bWFmNG5ydEs=" + token: "WmoxVDdWb2xUSnZON3J5ejFLenptdkMwWFE4VEliY1Y=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -191,8 +191,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "01fc96f2-1345-4d2c-a7f3-052fbe71e3dc" - install_time: "1730498377" + install_id: "c54ea8fe-f73a-4eb0-9481-615351ad524e" + install_time: "1731358148" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -824,7 +824,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 7452f44c9c0c4dd0218a1ebe0f124f83cb7df2985ba704ba507910212ec6dbf8 + checksum/clusteragent_token: bdefcc7d8d859027136cc90e767b8e8d78fac016f81d05204c04c2733ef14104 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1351,7 +1351,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 453c30f5e539cb034a3d38f5d735a6ca5df8594bf52010d8cff233efc89fb544 + checksum/clusteragent_token: 0b5dbb555b4a8ba9d8391e26b519aa3e5b7efc07543c2fa96f1ab430638880a6 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -1543,7 +1543,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: afefc7bc0324ab935909d2d605cba76470834c32c9c77e1a21ffd53ff6be67b7 + checksum/clusteragent_token: f307ff702ac0458e3348fb60bcc9d098be8dec40df4411d106bf6d1882af55bc checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go 
@@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) {
 baselineManifestPath: "./baseline/other_default.yaml",
 assertions: verifyUntypedResources,
 },
+ {
+ name: "GDC DaemonSet default",
+ command: common.HelmCommand{
+ ReleaseName: "datadog",
+ ChartPath: "../../charts/datadog",
+ ShowOnly: []string{"templates/daemonset.yaml"},
+ Values: []string{"../../charts/datadog/values.yaml"},
+ Overrides: map[string]string{
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "providers.gke.gdc": "true",
+ },
+ },
+ baselineManifestPath: "./baseline/gdc_daemonset_default.yaml",
+ assertions: verifyDaemonset,
+ },
+ {
+ name: "GDC DaemonSet logs collection enabled",
+ command: common.HelmCommand{
+ ReleaseName: "datadog",
+ ChartPath: "../../charts/datadog",
+ ShowOnly: []string{"templates/daemonset.yaml"},
+ Values: []string{"../../charts/datadog/values.yaml"},
+ Overrides: map[string]string{
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "datadog.logs.enabled": "true",
+ "datadog.logs.containerCollectAll": "true",
+ "datadog.logs.containerCollectUsingFiles": "true",
+ "datadog.logs.autoMultiLineDetection": "true",
+ "providers.gke.gdc": "true",
+ },
+ },
+ baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml",
+ assertions: verifyDaemonset,
+ },
 }
 
 for _, tt := range tests {
diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go
index 27fcab2ce..b8b2ecf98 100644
--- a/test/datadog/gdc_test.go
+++ b/test/datadog/gdc_test.go
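Review bot: Neither new baseline case enables a process-agent option together with `providers.gke.gdc`, so the GDC guard this commit adds to `process-checks-enabled`, `should-run-process-checks-on-core-agent` and `should-enable-process-agent` is only rendered with chart defaults. A third table entry carrying `"datadog.processAgent.processCollection": "true",` next to `"providers.gke.gdc": "true",` would pin that a GDC render never gains the process-agent container or its host access. Those helpers appear to print `false` and then fall through to the following `if`, so the value they return may be a concatenation such as `falsetrue`. A baseline with the option switched on would show whether every caller still treats that as disabled. Test_baseline_manifests starts and ends outside this hunk.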
@@ -29,12 +29,14 @@ func Test_gdcConfigs(t *testing.T) {
 ShowOnly: []string{"templates/daemonset.yaml"},
 Values: []string{"../../charts/datadog/values.yaml"},
 Overrides: map[string]string{
- "datadog.apiKeyExistingSecret": "datadog-secret",
- "datadog.appKeyExistingSecret": "datadog-secret",
- "datadog.clusterName": "test-gdce",
- "datadog.logs.enabled": "true",
- "agents.image.doNotCheckTag": "true",
- "providers.gke.gdc": "true",
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "datadog.logs.enabled": "true",
+ "agents.image.doNotCheckTag": "true",
+ "datadog.logs.containerCollectAll": "true",
+ "datadog.logs.containerCollectUsingFiles": "true",
+ "datadog.logs.autoMultiLineDetection": "true",
+ "providers.gke.gdc": "true",
 },
 },
 assertions: verifyDaemonsetGDCMinimal,
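Review bot: The new `Overrides` map no longer sets `datadog.clusterName`, yet the GDC manifest rendered elsewhere in this commit builds `DD_HOSTNAME` as `$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)`. If the chart only defines `DD_CLUSTER_NAME` when a cluster name is supplied, which is an assumption to confirm, Kubernetes leaves the unresolved reference in place and the agent reports a hostname ending in the literal `$(DD_CLUSTER_NAME)`. I would keep `"datadog.clusterName": "test-gdce",` in this case so the minimal GDC test covers a resolvable hostname. Alternatively, `verifyDaemonsetGDCMinimal` could assert that the variable is defined whenever `DD_HOSTNAME` references it. Both `Test_gdcConfigs` and `verifyDaemonsetGDCMinimal` lie outside this hunk, so what is asserted today cannot be checked from here.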