From 5314de1e4038179b4b9a590dfafc085e1fc4acd0 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Mon, 27 Jan 2025 10:43:14 +0100 Subject: [PATCH 01/45] Add support for SBOMs on CRI-O (#1662) * Mount cri-o directory to access image layers * Bump datadog chart --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 3 +++ charts/datadog/templates/_daemonset-volumes-linux.yaml | 3 +++ 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8fc60105d..a4d8e7261 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.88.3 + +* Mount /var/lib/containers to generate SBOMs for CRI-O. + ## 3.88.2 * Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 41fa76a22..78206b997 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.2 +version: 3.88.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index ebdd00a88..6718610e5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.2](https://img.shields.io/badge/Version-3.88.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.3](https://img.shields.io/badge/Version-3.88.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index b356b010c..0dba5f33c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -291,6 +291,9 @@ - name: host-docker-dir mountPath: /host/var/lib/docker readOnly: true + - name: host-crio-dir + mountPath: /host/var/lib/containers + readOnly: true {{- end }} {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index d4ec7904f..136e2c6af 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -160,6 +160,9 @@ - hostPath: path: /var/lib/docker name: host-docker-dir +- hostPath: + path: /var/lib/containers + name: host-crio-dir {{- end }} {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: 
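Review bot: The new `host-crio-dir` mount in `_container-agent.yaml` gives the agent container read access to everything under `/var/lib/containers`, which on CRI-O nodes typically holds the image layers and the writable layers of every container on the node. Neither this hunk nor the matching `hostPath` volume in `_daemonset-volumes-linux.yaml` documents that exposure. `readOnly: true` is set, which is the right default; I would add a comment above the mount such as `# CRI-O image store, mounted read-only; only needed for SBOM generation on CRI-O nodes` and mention the extra host path in the documentation of the option that enables it. The `hostPath` entry has no `type`, so nodes running another runtime still get the path bind-mounted (and, depending on the runtime, possibly created); the existing `host-docker-dir` behaves the same way, so this may be acceptable, but it is worth stating. The `if` that gates both additions opens outside the hunks, so which setting controls them cannot be confirmed from here.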
From d4ac802066b9d99d72be5faaff99c339c999bba9 Mon Sep 17 00:00:00 2001 
From: aquiladayc <56868556+aquiladayc@users.noreply.github.com> Date: Wed, 29 Jan 2025 04:13:45 +0900 Subject: [PATCH 02/45] Add apiserver additionalconfig for cluster agent (#1655) * add clusterAgent.apiserverCheck.additionalConfigs * fix values.yaml * fix values.yaml * add clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus instead of additionalConfig * update readme * update readme and blank default value * Update charts/datadog/values.yaml Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * Update charts/datadog/templates/_kubernetes_apiserver_config.yaml Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * Update charts/datadog/values.yaml Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * update helper tpl * update helper tpl * update deployment * Update charts/datadog/values.yaml Co-authored-by: Cedric Lamoriniere * Update charts/datadog/templates/_helpers.tpl Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * Update charts/datadog/templates/_kubernetes_apiserver_config.yaml Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * Update charts/datadog/templates/cluster-agent-deployment.yaml Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> * update readme * Update charts/datadog/values.yaml Co-authored-by: Cedric Lamoriniere * update readme and update version * Remove newline Mistakenly added newline when merging main --------- Co-authored-by: khewonc <39867936+khewonc@users.noreply.github.com> Co-authored-by: Cedric Lamoriniere --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_helpers.tpl | 13 ++++++++++++- .../templates/_kubernetes_apiserver_config.yaml | 10 ++++++++-- .../datadog/templates/cluster-agent-deployment.yaml | 2 +- charts/datadog/values.yaml | 5 +++++ 7 files changed, 33 insertions(+), 6 deletions(-) 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a4d8e7261..7f424302f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.89.0 + +* Add `clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus` to disable `use_component_status` option for kubernetes_apiserver check. + ## 3.88.3 * Mount /var/lib/containers to generate SBOMs for CRI-O. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 78206b997..ab25da7a9 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.3 +version: 3.89.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6718610e5..20dc1e3b7 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.3](https://img.shields.io/badge/Version-3.88.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.89.0](https://img.shields.io/badge/Version-3.89.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -608,6 +608,7 @@ helm install \ | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | | clusterAgent.image.tag | string | `"7.61.0"` | Cluster Agent image tag to use | +| clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 0cebfd456..04f5e5492 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl 
@@ -699,7 +699,18 @@ Return Kubelet volumeMount Return true if the Cluster Agent needs a confd configmap */}} {{- define "need-cluster-agent-confd" -}} -{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled)) -}} +{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled) (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus)) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Return true if kubernetes_apiserver check should be configured +*/}} +{{- define "need-kubernetes-apiserver-check-config" -}} +{{- if or (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus) -}} true {{- else -}} false diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 208e21594..b1849c6d0 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml 
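Review bot: The condition added to `need-cluster-agent-confd` repeats the same two values that the new `need-kubernetes-apiserver-check-config` helper tests, so the two can drift apart when another trigger for the check is added later. I would have the first helper call the second, replacing the two added operands with `(eq (include "need-kubernetes-apiserver-check-config" .) "true")`. Both helpers also read `.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus` directly, which I would expect to fail at render time if a values override sets `clusterAgent.kubernetesApiserverCheck` to null. A short comment above the helper saying that the key must remain a map would help.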
@@ -1,13 +1,19 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if .Values.datadog.collectEvents -}} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + - +{{- if .Values.datadog.collectEvents }} + filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} {{- end -}} +{{- end }} +{{- if .Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus }} + use_component_status: false +{{- end }} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 08925e9b0..de82b3615 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -486,7 +486,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if .Values.datadog.collectEvents }} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index c42ff51cd..c87513dbd 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
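Review bot: The `instances` entry in `_kubernetes_apiserver_config.yaml` now opens with a bare `-` and takes its keys from two independent `if` blocks with mixed `{{- end -}}` and `{{- end }}` trimming. The rendered YAML therefore depends on exact whitespace in each reachable combination (events only, `use_component_status` only, both), and the commit's diffstat lists no test or baseline that renders them. I would add a render test per combination, with and without `unbundleEvents`, and a template comment above the block such as `{{/* every branch must emit its keys at the same indent under the single "-" item */}}`. The original indentation is not recoverable from this view, so this is a request to verify rather than a confirmed defect.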
@@ -1310,6 +1310,11 @@ clusterAgent: # username: datadog # password: + ## clusterAgent.kubernetesApiserverCheck -- correspond to options for configuring the kube_apiserver integration. + kubernetesApiserverCheck: + # clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus -- Set this to true to disable use_component_status for the kube_apiserver integration. + disableUseComponentStatus: false + # clusterAgent.resources -- Datadog cluster-agent resource requests and limits. resources: {} # requests: From b29686a7d1306225f85268b553c55b8db5991d4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20AGBEKODO?= <70853334+20agbekodo@users.noreply.github.com> Date: Thu, 30 Jan 2025 15:12:18 +0100 Subject: [PATCH 03/45] [observability-pipelines-worker] 2.3.0 release (#1678) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 67f6ead8f..29a623fc6 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.3.0 + +* Official image `2.3.0` + ## 2.2.3 * Official image `2.2.3` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 68e606a8f..367c868c8 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.3" +version: "2.3.0" description: Observability Pipelines Worker type: application keywords: 
@@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.3" +appVersion: "2.3.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index c269a1d37..4054396a4 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.3](https://img.shields.io/badge/Version-2.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) ## How to use Datadog Helm repository 
@@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.3"` | Specify the image tag to use. | +| image.tag | string | `"2.3.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 965f7c6f0..81e3f6f1e 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.3 + tag: 2.3.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 43810e609440728dee3caa9ed09674748a1decad Mon Sep 17 00:00:00 2001 
From: Ethan Wood-Thomas Date: Thu, 30 Jan 2025 11:43:15 -0500 Subject: [PATCH 04/45] Bumped agent version to 7.62 (#1676) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 14 +-- ...loyment_default_advanced_AC_injection.yaml | 14 +-- ...ployment_default_minimal_AC_injection.yaml | 16 +-- test/datadog/baseline/daemonset_default.yaml | 14 +-- .../baseline/gdc_daemonset_default.yaml | 12 +- .../gdc_daemonset_logs_collection.yaml | 12 +- test/datadog/baseline/other_default.yaml | 106 +++++++++--------- 12 files changed, 113 insertions(+), 107 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7f424302f..d75cfe9fe 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.62.0`. + ## 3.89.0 * Add `clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus` to disable `use_component_status` option for kubernetes_apiserver check. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ab25da7a9..b635bf643 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.89.0 +version: 3.90.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 20dc1e3b7..d57854a2f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.89.0](https://img.shields.io/badge/Version-3.89.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.0](https://img.shields.io/badge/Version-3.90.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.61.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.62.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -607,7 +607,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.61.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.62.0"` | Cluster Agent image tag to use | | clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | @@ -662,7 +662,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.61.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.62.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index c87513dbd..432b1618c 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1029,7 +1029,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.61.0 + tag: 7.62.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1550,7 +1550,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.61.0 + tag: 7.62.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2056,7 +2056,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.61.0 + tag: 7.62.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d14249794..abe1ae407 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 37a2772ca63263767c6e7068e0045e49adbc15740749bda902e911cd80f1b43a - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: a4c4f992728ab92c056e58623747a4937611a96e617e9369bbbd09486a83aaa4 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 54b4028fb..15cb6fc5e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 406b54942cb117c07edbdf779143465270e695ae181ac7cb1510d7f51938bcba - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: 7de9189e8b09b0220e39687e09632b5f9c164bab572826f08c467143a74f5fdd + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index e16a33377..2cd55ca38 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 795ee1c256c20770693733bfa713d5614c1eea95d15e8141b6fa8a4894f81557 - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: 2e89c377e0aaca3b109a0e88bfd037558ed48fb189b5fa93fce66965c2f5775a + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 90137e113..a77939d62 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
+++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4a9ef7efc38cb1ca3eebf80fe91e7447283866158f242d3e1f6f4fcde674bf0e - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: 006359294812b6f3dc99795439e6d9bb00899277b38234560d155ef214fbc747 + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} 
@@ -130,7 +130,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.61.0 + value: 7.62.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index b664d3644..d294b0a54 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: c456fcb1ef3669e17f99562f9daff2c69a0b63a382b597db38525e2169dff3da - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 351b04e4fed6ccebd0bbcc94d9597d17a4f942803b871b62b7471aba15906d92 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -207,7 +207,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: 
@@ -315,7 +315,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -327,7 +327,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index c8612e188..006f7ade0 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: bea41cde459ee76a26104fde88acde58e9cddfd64e19dde2f473bd471617a9bf - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 3d5fd35905ec50a6449e5638ce3be034cd42366fea54acf133e59796c3856519 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] 
@@ -188,7 +188,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -200,7 +200,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 1a809c125..bdeb3e9f4 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: b876b950a97ece20cb3ec3849c48e7b38822786a117db182b10fcef4fd038fcb - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: caefc771c2e1314a0eee328c4c68866708132961c27fac0f0e8cfcb229735ea8 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] 
@@ -200,7 +200,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -212,7 +212,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index f6b4161bc..bd005c500 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "T0UwV1F3NzlTTjlVaDJzekhrSGdZczc1VnQzYThTMnY=" + token: "Y0FLVW5ESkVueHNsNXpMRzZRUjhya2FNdW9YczlJSWM=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,10 +149,12 @@ data: {} annotations_as_tags: {} + kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: false + - + filtering_enabled: false unbundle_events: false --- # Source: datadog/templates/install_info-configmap.yaml @@ -162,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.88.0 + installer_version: datadog-3.90.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 
@@ -184,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "3e55a44e-ebf1-4c36-9d60-8d5a88c2c279" - install_time: "1736806509" + install_id: "81af13e2-1761-4f89-83ca-0cb251475700" + install_time: "1738187603" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -424,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -520,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -568,7 +570,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -588,7 +590,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -608,7 +610,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -629,7 +631,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -648,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -665,7 +667,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -687,7 +689,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -708,7 +710,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -731,7 +733,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -753,10 +755,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -779,10 +781,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -808,7 +810,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -832,8 +834,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 8b856ec67f8792fa8141d5d88a721a5155de2227792a4c61fd221b5c6689df5d - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 99c09e761bcd02e5cfc999d9f6577ab543906f1bac9985c76e83a4b67d022ac3 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -844,7 +846,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] 
@@ -1010,7 +1012,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1118,7 +1120,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1130,7 +1132,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash @@ -1236,7 +1238,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1266,8 +1268,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 3653c2cfb1aae823a7f36aedc8380741670bfb9f18758132cb208d45d1cd0b6b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 8207380bd594e838447f7ef88f040c264a0dd18d192e26f6a545851d7627b3f2 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1275,7 +1277,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1287,7 +1289,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -1300,7 +1302,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" + image: "gcr.io/datadoghq/agent:7.62.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1428,7 +1430,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1458,15 +1460,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 42324d7b2e100268673aa3a6b356ff7b191a437d121680f69bd6f00761336c22 - checksum/clusteragent-configmap: c0fbaef09d8f108962e862318211303e8039aed3e6e95697fc23cb2c3894e5ea - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: e21734ecb51b8a82bf30e8dc9c0a6f2486e38fae8d136d3e74acad205152adb2 + checksum/clusteragent-configmap: 84fd9626779d2b7fc64dc85cfbfa1cea1edb062f6e8cdba7dcf88d4637b73fa5 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -1479,7 +1481,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} From 0b87ebc6e9674c7cbfaaf440a51274536b8da679 Mon Sep 17 00:00:00 2001 
From: Justin Lesko Date: Tue, 4 Feb 2025 13:41:56 -0500 Subject: [PATCH 05/45] [CONTINT-4500] [helm] Add EKS Clusterrole Rule for EKS control plane metrics (#1686) * Add rule to clusterrole so the node agent can query the EKS control plane API * Update README to reflect the new chart version --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/rbac.yaml | 7 +++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d75cfe9fe..73d44e324 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.1 + +* Add rule to clusterrole to allow the node agent to query the EKS control plane metrics API + ## 3.90.0 * Set default `Agent` and `Cluster-Agent` version to `7.62.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b635bf643..1a8613e44 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.0 +version: 3.90.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d57854a2f..1f3c7e954 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.0](https://img.shields.io/badge/Version-3.90.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.1](https://img.shields.io/badge/Version-3.90.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/rbac.yaml b/charts/datadog/templates/rbac.yaml index 2d555d52f..919808f88 100644 --- a/charts/datadog/templates/rbac.yaml +++ b/charts/datadog/templates/rbac.yaml @@ -129,6 +129,13 @@ rules: resources: ["secrets"] verbs: ["get"] {{- end }} +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding From d63ae70e68837d07ed5aa0e54902eaacacbac5d1 Mon Sep 17 00:00:00 2001 From: Christoph Hamsen <37963496+xopham@users.noreply.github.com> Date: Wed, 5 Feb 2025 15:24:40 +0100 Subject: [PATCH 06/45] Pin actions by hash (#1688) --- .github/workflows/ci.yaml | 26 +++++++++---------- .../go-test-private-action-runner.yaml | 6 ++--- .github/workflows/go-test.yaml | 10 +++---- .github/workflows/pr-labeler.yaml | 2 +- .github/workflows/release.yaml | 4 +-- 5 files changed, 24 insertions(+), 24 deletions(-) 
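Review bot: The new `metrics.eks.amazonaws.com` rule in the `rbac.yaml` hunk (`@@ -129,6 +129,13 @@`) is added after the `{{- end }}` that closes the preceding conditional, so it appears to be rendered into the agent ClusterRole on every install, not only on EKS. The grant is narrow (`get` on `kcm/metrics` and `ksh/metrics`), but for least privilege I would wrap it in a guard such as `{{- if <PLACEHOLDER: values flag for EKS control plane metrics> }}` … `{{- end }}`, so clusters that never scrape those endpoints do not carry the permission. The same unconditional rule is added to `charts/datadog-operator/templates/clusterrole.yaml` in PATCH 07 (`@@ -347,6 +347,13 @@`). The `rules:` list starts outside the hunk, so whether an outer condition already scopes it cannot be confirmed from here.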
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1276ef2ed..f7e423043 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,18 +17,18 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.6.3 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -52,14 +52,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -69,7 +69,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Run helm-docs @@ -100,7 +100,7 @@ jobs: - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Add datadog helm repo 
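Review bot: The hash pins in the first `ci.yaml` hunk (`@@ -17,18 +17,18 @@`) and the hunks after it rely on the trailing `# vX.Y.Z` comment as the only readable link between a 40-character hash and a release, and nothing in the diff lets a reviewer confirm that link. Each hash should be checked against the commented tag in the upstream repository before merge, because a hash that does not belong to that tag would read the same in review. The diffstat lists only the five workflow files, so if the repository has no update automation for GitHub Actions these pins will stay frozen at today's versions. I would also add a comment at the top of each workflow, for example `# Actions are pinned by commit hash; update the hash and the trailing version comment together.`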
@@ -145,20 +145,20 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index dc26fd575..06b1639af 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.10.1 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/private-action-runner diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 739a20b1b..20192dd45 100644 
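Review bot: `actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0` and `actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3` in the `go-test-private-action-runner.yaml` hunk pin the v1 major line, which fixes these jobs on much older action code than the rest of the commit uses. The same two pins appear in the first `go-test.yaml` hunk, and `release.yaml` pins checkout at v3.6.0 in a job that holds `contents: write`. Since the v4.2.2 hash is already used in `ci.yaml`, I would use `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` in these jobs as well, after confirming they still pass with the newer checkout behaviour. `setup-go` can move to a current release in a follow-up.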
--- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/datadog-operator @@ -70,11 +70,11 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s }} diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index ff711a73d..c8a50951a 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -17,7 +17,7 @@ jobs: pull-requests: write timeout-minutes: 5 steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" configuration-path: .github/workflows/labeler/labels.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e33b3d11f..e9ba1d964 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -17,7 +17,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Configure Git @@ -29,7 +29,7 @@ jobs: helm repo add datadog https://helm.datadoghq.com helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' CR_SKIP_EXISTING: true # Ignore chart changes when version was not updated (documentation) From 2b1aea4696dc938404c8e754b3a3d193a5af1f4d Mon Sep 17 00:00:00 2001 From: Justin Lesko Date: Wed, 5 Feb 2025 16:22:33 -0500 Subject: [PATCH 07/45] Add EKS rule to clusterrole so operator can grant them to the agent or checks runner (#1687) Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 2 +- charts/datadog-operator/templates/clusterrole.yaml | 7 +++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 23065c712..83165c1ae 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.5.1 +version: 2.5.2 appVersion: 1.11.1 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 2e67681f0..c0ed7224d 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md 
@@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) +![Version: 2.5.2](https://img.shields.io/badge/Version-2.5.2-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) ## Values diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 79c245eb6..1ac37f56e 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -347,6 +347,13 @@ rules: verbs: - list - watch +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get {{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" From f7282b24dadac157da13a0df34020630aeea1d4a Mon Sep 17 00:00:00 2001 
From: Mackenzie <63265430+mackjmr@users.noreply.github.com> Date: Thu, 6 Feb 2025 17:48:08 +0100 Subject: [PATCH 08/45] Add DD_AGENT_IPC_* env vars (#1661) * Add DD_AGENT_IPC_* env vars This PR adds DD_AGENT_IPC_PORT and DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL env vars in otel agent and core agent. It does not override them if they are added by the user. This is necessary for the otel-agent to pull the api key from core config in the case where backend secrets are used. * only add env vars to core agent if otel agent is enabled * update version * add test * move found logic to helpers * Don't consider user set env varts * fix test * update chart --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/_container-agent.yaml | 6 ++ .../templates/_container-otel-agent.yaml | 8 +- charts/datadog/templates/_helpers.tpl | 2 - test/datadog/otel_agent_test.go | 75 +++++++++++++++++++ 7 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 test/datadog/otel_agent_test.go diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 73d44e324..b5e00d940 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.2 + +* Adds env vars `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` when Otel Agent is enabled and adds flag `--sync-delay=30s` to otel agent. + ## 3.90.1 * Add rule to clusterrole to allow the node agent to query the EKS control plane metrics API diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 1a8613e44..fc22fccd3 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.1 +version: 3.90.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 1f3c7e954..3a29aa8a9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.1](https://img.shields.io/badge/Version-3.90.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.2](https://img.shields.io/badge/Version-3.90.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 0dba5f33c..1bda81b9d 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -59,6 +59,12 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} {{- include "processes-common-envs" . | nindent 4 }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index 193748157..67793f402 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml 
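Review bot: The `_container-agent.yaml` hunk (`@@ -59,6 +59,12 @@`) hard-codes `DD_AGENT_IPC_PORT` as `"5009"` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` as `"60"`, and the second `_container-otel-agent.yaml` hunk repeats the same literals, so the two containers only agree while both templates are edited together. I would define the pair once as a named template and include it from both places, as sketched below. The commit description says this channel lets the otel-agent pull the API key from the core agent's config, so the template's comment should state what authenticates the IPC endpoint and which address it listens on; neither is visible in these hunks. If user-supplied env entries are rendered into the same list, a user-set `DD_AGENT_IPC_PORT` would appear twice in the container spec, which deserves a line in the values documentation.

```yaml
{{/*
IPC settings shared by the core agent and the otel-agent.
Template name is a suggestion; keep both containers on the same values.
*/}}
{{- define "agent-ipc-envs" -}}
- name: DD_AGENT_IPC_PORT
  value: "5009"
- name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL
  value: "60"
{{- end -}}

# … unchanged: _container-agent.yaml env list up to the should-enable-otel-agent check …
    {{- include "agent-ipc-envs" . | nindent 4 }}
```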
@@ -3,10 +3,10 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{- if eq .Values.targetSystem "linux" }} - command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{- if eq .Values.targetSystem "windows" }} - command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} resources: @@ -32,6 +32,10 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" {{- include "fips-envvar" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 04f5e5492..2d0074988 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -117,8 +117,6 @@ false {{- end -}} {{- end -}} - - {{/* Return secret name to be used based on provided values. */}} 
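Review bot: The `--sync-delay=30s` argument appended to both the Linux and the Windows `command:` in the `@@ -3,10 +3,10 @@` hunk has no template comment saying what it delays or why 30s was chosen. From the commit description it presumably controls when the otel-agent first syncs config (including the API key) from the core agent over IPC, but that is inferred and should be confirmed. A one-line Helm comment above the two `command:` lines would make the intent reviewable, e.g. `{{- /* --sync-delay: startup delay before config sync with the core agent over DD_AGENT_IPC_PORT (TODO confirm) */}}`. The value is also a literal with no values.yaml key, so operators cannot tune it alongside `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL`.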
diff --git a/test/datadog/otel_agent_test.go b/test/datadog/otel_agent_test.go new file mode 100644 index 000000000..a14b8368e --- /dev/null +++ b/test/datadog/otel_agent_test.go 
@@ -0,0 +1,75 @@ +package datadog + +import ( + "testing" + + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + + "github.com/DataDog/helm-charts/test/common" +) + +const ( + DDAgentIpcPort = "DD_AGENT_IPC_PORT" + DDAgentIpcConfigRefreshInterval = "DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL" +) + +type ExpectedIpcEnv struct { + ipcPort string + ipcConfigRefreshInterval string +} + +func Test_otelAgentConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv) + expectedIpcEnv ExpectedIpcEnv + }{ + { + name: "no ipc provided", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.otelCollector.enabled": "true", + }, + }, + expectedIpcEnv: ExpectedIpcEnv{ + ipcPort: "5009", + ipcConfigRefreshInterval: "60", + }, + assertions: verifyOtelAgentEnvVars, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest, tt.expectedIpcEnv) + }) + } +} + +func verifyOtelAgentEnvVars(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + // otel agent + otelAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "otel-agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(otelAgentContainer.Env) + assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort]) + assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval]) + + // core agent + coreAgentContainer, ok := 
getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs = getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort]) + assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval]) +} From c65f22450ed666129286c2123d0de864d3b26a90 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 6 Feb 2025 15:57:59 -0500 Subject: [PATCH 09/45] [datadog-crds] Update CRDs from Operator v1.12.0 (#1690) * [datadog-crds] update crds from operator v1.12.0 * update test baselines * Update charts/datadog-crds/CHANGELOG.md Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --------- Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog-crds/CHANGELOG.md | 4 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- ...datadoghq.com_datadogagentprofiles_v1.yaml | 6 + .../datadoghq.com_datadogagents_v1.yaml | 138 ++++++++++++++++++ ...atadoghq.com_datadogpodautoscalers_v1.yaml | 16 ++ crds/datadoghq.com_datadogagentprofiles.yaml | 6 + crds/datadoghq.com_datadogagents.yaml | 138 ++++++++++++++++++ crds/datadoghq.com_datadogpodautoscalers.yaml | 16 ++ ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 6 +- .../gdc_daemonset_logs_collection.yaml | 6 +- test/datadog/baseline/other_default.yaml | 91 ++++++------ 17 files changed, 402 insertions(+), 71 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index b55387c05..2fbdcae06 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md 
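Review bot: The only table entry in `Test_otelAgentConfigs` enables the otel agent, so nothing checks the `should-enable-otel-agent` gate this commit adds in `_container-agent.yaml`. A render with the collector disabled should leave the core `agent` container without `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL`, and a second case along the lines below would pin that. Separately, in `verifyOtelAgentEnvVars` the `assert.True(t, ok)` calls do not stop the test, so a missing container goes on to produce misleading env-var failures. The names `deployment` and `coreEnvs` are also used there for a DaemonSet and for the otel-agent's env. `getContainer` and `getEnvVarMap` are defined outside this hunk, so their return types are assumed here.

```go
// … unchanged: "no ipc provided" case …
		{
			name: "otel agent disabled",
			command: common.HelmCommand{
				ReleaseName: "datadog",
				ChartPath:   "../../charts/datadog",
				ShowOnly:    []string{"templates/daemonset.yaml"},
				Values:      []string{"../../charts/datadog/values.yaml"},
				Overrides: map[string]string{
					"datadog.apiKeyExistingSecret":  "datadog-secret",
					"datadog.appKeyExistingSecret":  "datadog-secret",
					"datadog.otelCollector.enabled": "false",
				},
			},
			assertions: verifyNoIpcEnvVars,
		},
// … unchanged: test loop and verifyOtelAgentEnvVars …

// verifyNoIpcEnvVars checks that the core agent gets no IPC env vars
// when the otel agent is not enabled.
func verifyNoIpcEnvVars(t *testing.T, manifest string, _ ExpectedIpcEnv) {
	var daemonSet appsv1.DaemonSet
	common.Unmarshal(t, manifest, &daemonSet)
	agentContainer, ok := getContainer(t, daemonSet.Spec.Template.Spec.Containers, "agent")
	assert.True(t, ok)
	agentEnvs := getEnvVarMap(agentContainer.Env)
	assert.NotContains(t, agentEnvs, DDAgentIpcPort)
	assert.NotContains(t, agentEnvs, DDAgentIpcConfigRefreshInterval)
}
```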
@@ -1,5 +1,9 @@ # Changelog +# 2.4.0 + +* Update CRDs from Datadog Operator v1.12.0 tag. + # 2.3.0 * Update CRDs from Datadog Operator v1.11.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 3402f3d30..1e0c31b5d 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.3.0 +version: 2.4.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 3da17dcde..06e25173f 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index e16b1bdcf..465d9b42f 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml 
@@ -260,6 +260,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index af1e555c1..8036de9ab 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -261,6 +261,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -708,6 +713,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2444,6 +2512,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3741,6 +3811,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4188,6 +4263,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml index 7ef853b56..355798a05 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -231,6 +231,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. 
@@ -297,6 +305,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index 5c4ed60b7..d0e4501c5 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -254,6 +254,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index cd982f6df..05deca222 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -255,6 +255,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -702,6 +707,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2438,6 +2506,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3735,6 +3805,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4182,6 +4257,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml index 148d84206..5a30875db 100644 --- a/crds/datadoghq.com_datadogpodautoscalers.yaml +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -225,6 +225,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. 
@@ -291,6 +299,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index abe1ae407..9a56dca89 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: a4c4f992728ab92c056e58623747a4937611a96e617e9369bbbd09486a83aaa4 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 82707f47b0bfc55fc39a2740339e31da8b81064a3a1af2eb7ad07b8cefca2060 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 15cb6fc5e..22e861306 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7de9189e8b09b0220e39687e09632b5f9c164bab572826f08c467143a74f5fdd - checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 - checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c + checksum/clusteragent_token: 2a79fd54ee54b48b65cf8755fb30c0a8709de2d17d4498be14a4f81d7e62c7e6 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 2cd55ca38..f16eaa183 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 2e89c377e0aaca3b109a0e88bfd037558ed48fb189b5fa93fce66965c2f5775a - checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 - checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c + checksum/clusteragent_token: da73eb12114a230565e36abba3c29649d8fd0c8dd4fa0940ef4ef23512120e52 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a77939d62..57e2fff9a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 006359294812b6f3dc99795439e6d9bb00899277b38234560d155ef214fbc747 - checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 - checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c + checksum/clusteragent_token: 041ef1801306228d46d7eec4638bca9ce06c2ed5d1a158f9d03fae036e5a5661 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index d294b0a54..871d35989 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 351b04e4fed6ccebd0bbcc94d9597d17a4f942803b871b62b7471aba15906d92 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 174aed95311830aaf174696e8c52c338f13193ff6b513fa2407bccf3de9cf236 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 006f7ade0..5ae4bc007 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 3d5fd35905ec50a6449e5638ce3be034cd42366fea54acf133e59796c3856519 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 7fc9f30808ea0383822036c8c312145acf9d5ffbce9dfd4e4fa2c58ee6885cee + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a 
diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index bdeb3e9f4..579867388 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: caefc771c2e1314a0eee328c4c68866708132961c27fac0f0e8cfcb229735ea8 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 5251a960464770e4370d189d056f28e10e31380da0f2313f0c2448897e2624ec + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index bd005c500..f90244294 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.90.0" + chart: "datadog-3.90.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.90.0" + chart: "datadog-3.90.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Y0FLVW5ESkVueHNsNXpMRzZRUjhya2FNdW9YczlJSWM=" + token: "akJERTVsWGplWTZEZXdPMFVLalFlS2FSZVhaWTlvU1E=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.90.0 + installer_version: datadog-3.90.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "81af13e2-1761-4f89-83ca-0cb251475700" - install_time: "1738187603" + install_id: "2481de20-14d7-4ee6-9a7a-c2ef5ed1a195" + install_time: "1738785665" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -564,13 +564,20 @@ rules: - leases verbs: - get +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- # Source: datadog/templates/agent-clusterchecks-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -590,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -610,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -631,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -650,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -667,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -689,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -710,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -733,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -755,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.0" + chart: "datadog-3.90.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -781,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.0" + chart: "datadog-3.90.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -810,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -834,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 99c09e761bcd02e5cfc999d9f6577ab543906f1bac9985c76e83a4b67d022ac3 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 2f5e57327770b567fc1dafc71318aa2f3c850df1ef4977ec5fe26197b8834136 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1238,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1268,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 8207380bd594e838447f7ef88f040c264a0dd18d192e26f6a545851d7627b3f2 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 1b27814030c156af6fcafca3ca9274edebf20699c821e892d77c4c7d740a2f5b + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1430,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1460,9 +1467,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e21734ecb51b8a82bf30e8dc9c0a6f2486e38fae8d136d3e74acad205152adb2 - checksum/clusteragent-configmap: 84fd9626779d2b7fc64dc85cfbfa1cea1edb062f6e8cdba7dcf88d4637b73fa5 - checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 + checksum/clusteragent_token: 1176d3833b7a6e7565e239de5bb77df64ee32f35d85f852534db02422215ba35 + checksum/clusteragent-configmap: 9f0ae9132099384f08acb30e2ef9005327efa60bf64fe70444720d4b538bbf21 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 169597fc2a5cc5d25be648b30effbf2f3546a3e2 Mon Sep 17 00:00:00 2001 
From: Sarah Wang Date: Fri, 7 Feb 2025 14:21:59 -0500 Subject: [PATCH 10/45] [datadog-crds] add DatadogGenericResources CRD (#1694) * [datadog-crds] add DatadogGenericResources CRD * run make update-test-baselines * update clusteragent token for baseline test --- charts/datadog-crds/CHANGELOG.md | 4 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 3 +- ...adoghq.com_datadoggenericresources_v1.yaml | 164 ++++++++++++++++++ charts/datadog-crds/update-crds.sh | 1 + charts/datadog-crds/values.yaml | 2 + ...datadoghq.com_datadoggenericresources.yaml | 157 +++++++++++++++++ .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 6 +- .../gdc_daemonset_logs_collection.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 ++++----- 16 files changed, 401 insertions(+), 72 deletions(-) create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml create mode 100644 crds/datadoghq.com_datadoggenericresources.yaml diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 2fbdcae06..6e8e7a860 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +# 2.4.1 + +* Add DatadogGenericResources CRD. + # 2.4.0 * Update CRDs from Datadog Operator v1.12.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 1e0c31b5d..415d50bdd 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.4.0 +version: 2.4.1 appVersion: "1" keywords: - monitoring 
diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 06e25173f..b109ff020 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.4.1](https://img.shields.io/badge/Version-2.4.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -25,6 +25,7 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboards CRD | +| crds.datadogGenericResources | bool | `false` | Set to true to deploy the DatadogGenericResources CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | | crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml new file mode 100644 index 000000000..e02cb7a43 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml 
@@ -0,0 +1,164 @@ +{{- if and .Values.crds.datadogGenericResources (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadoggenericresources.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogGenericResource + listKind: DatadogGenericResourceList + plural: datadoggenericresources + shortNames: + - ddgr + singular: datadoggenericresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogGenericResource is the Schema for the DatadogGenericResources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogGenericResourceSpec defines the desired state of DatadogGenericResource + properties: + jsonSpec: + description: JsonSpec is the specification of the API object + type: string + type: + description: Type is the type of the API object + enum: + - notebook + - synthetics_api_test + - synthetics_browser_test + type: string + required: + - jsonSpec + - type + type: object + status: + description: DatadogGenericResourceStatus defines the observed state of DatadogGenericResource + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogGenericResource. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the object was created. + format: date-time + type: string + creator: + description: Creator is the identity of the creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogGenericResourceSpec to know + if the JsonSpec has changed and needs an update. + type: string + id: + description: Id is the object unique identifier generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API object was last force synced with the custom resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the object state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index 457b77afd..12b858d3f 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh 
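Review bot: `spec.jsonSpec` in the new CRD is a bare `type: string` with no `maxLength` and no structure, so the API server admits any payload and every content check is left to the controller that syncs it to Datadog (the `status.id` and `status.syncStatus` descriptions say the object is created there). The file is controller-gen output, so the bound belongs upstream on the operator's Go type and would render here as `maxLength: <limit>` under `jsonSpec`. Until then I would document next to `crds.datadogGenericResources` that create and update rights on `datadoggenericresources` appear to let a namespace user define notebooks and synthetics tests in the Datadog account, and should be granted as narrowly as the operator's own credentials. The same schema is added again in `crds/datadoghq.com_datadoggenericresources.yaml`.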
@@ -60,3 +60,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datado download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogdashboards datadogDashboards v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadoggenericresources datadogGenericResources v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 2b89e21f0..b532e25f1 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -17,6 +17,8 @@ crds: datadogPodAutoscalers: false # crds.datadogDashboards -- Set to true to deploy the DatadogDashboards CRD datadogDashboards: false + # crds.datadogGenericResources -- Set to true to deploy the DatadogGenericResources CRD + datadogGenericResources: false # nameOverride -- Override name of app nameOverride: "" diff --git a/crds/datadoghq.com_datadoggenericresources.yaml b/crds/datadoghq.com_datadoggenericresources.yaml new file mode 100644 index 000000000..2e0ff0a11 --- /dev/null +++ b/crds/datadoghq.com_datadoggenericresources.yaml 
@@ -0,0 +1,157 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadoggenericresources.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogGenericResource + listKind: DatadogGenericResourceList + plural: datadoggenericresources + shortNames: + - ddgr + singular: datadoggenericresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogGenericResource is the Schema for the DatadogGenericResources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogGenericResourceSpec defines the desired state of DatadogGenericResource + properties: + jsonSpec: + description: JsonSpec is the specification of the API object + type: string + type: + description: Type is the type of the API object + enum: + - notebook + - synthetics_api_test + - synthetics_browser_test + type: string + required: + - jsonSpec + - type + type: object + status: + description: DatadogGenericResourceStatus defines the observed state of DatadogGenericResource + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogGenericResource. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the object was created. + format: date-time + type: string + creator: + description: Creator is the identity of the creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogGenericResourceSpec to know + if the JsonSpec has changed and needs an update. + type: string + id: + description: Id is the object unique identifier generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API object was last force synced with the custom resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the object state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index a1e2c5a8e..b373cd360 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml 
+++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.5.1 + helm.sh/chart: datadog-operator-2.5.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 9a56dca89..f421d6f46 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 82707f47b0bfc55fc39a2740339e31da8b81064a3a1af2eb7ad07b8cefca2060 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 394df2a714d93c44949d7e7af42bb700e71308f40a965692b4e883443c31a1e1 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 22e861306..372905f24 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 2a79fd54ee54b48b65cf8755fb30c0a8709de2d17d4498be14a4f81d7e62c7e6 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: e0c4e91dfb160d295654179552a2736fd59d331036ee62125156748843b613b3 + checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 + checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index f16eaa183..92a21dc8e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: da73eb12114a230565e36abba3c29649d8fd0c8dd4fa0940ef4ef23512120e52 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: d6c63a0df284f4d85997d84e0da07ac7a76e8cf4402aa6355b55cfd96b210f23 + checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 + checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 57e2fff9a..dc1945ff7 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 041ef1801306228d46d7eec4638bca9ce06c2ed5d1a158f9d03fae036e5a5661 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: d55d3311edfc5f652f0fe73d2131312641abcd9e521e11fbcb9b3b62daed9217 + checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 + checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 871d35989..cc59fed14 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 174aed95311830aaf174696e8c52c338f13193ff6b513fa2407bccf3de9cf236 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: a4cd0b2eccf03f28de831e4664477e73354ae56f0dedfcec33e85f0e2b0da008 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 5ae4bc007..6c0b89e28 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 7fc9f30808ea0383822036c8c312145acf9d5ffbce9dfd4e4fa2c58ee6885cee - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 7024d7bbb843ff1e8f222957eb1366a7e2e4cade071aeac406df417976aa5d65 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a 
diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 579867388..e00c5e9ed 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 5251a960464770e4370d189d056f28e10e31380da0f2313f0c2448897e2624ec - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: bedf4b98bef468ea34a4e0b4d6d8794d096157170b4f2941744ad406708bc97e + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index f90244294..b443c38b8 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.90.2" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.90.2" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "akJERTVsWGplWTZEZXdPMFVLalFlS2FSZVhaWTlvU1E=" + token: "U0JzMkhyYkIxRFBvck8wTG1QNzRDV1JZNGl3ZU5uNWk=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
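Review bot: The `token:` value in the `@@ -92,14 +92,14 @@` Secret hunk changes although nothing in this commit concerns the cluster-agent token, and the commit message lists "update clusteragent token for baseline test" as a separate step, which suggests the value is regenerated on each render. That makes `checksum/clusteragent_token` differ in every baseline file and buries real changes under churn, and a committed base64 token also tends to trip secret scanners. I would pin it in the baseline test values, for example `clusterAgent.token: <fixed-fake-test-token>`, so the Secret and the checksums derived from it stay stable across regenerations. The test values file is not part of this hunk.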
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.90.1 + installer_version: datadog-3.90.2 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "2481de20-14d7-4ee6-9a7a-c2ef5ed1a195" - install_time: "1738785665" + install_id: "5c5bd57c-0417-48c1-b534-8cb328f6b262" + install_time: "1738953116" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -577,7 +577,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -674,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -696,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.90.2" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.90.2" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -817,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -841,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 2f5e57327770b567fc1dafc71318aa2f3c850df1ef4977ec5fe26197b8834136 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 57839c61024e0fb56fbc9cf5bf891294305790e426e1d37d8a07c66e429dd6ff + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1245,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1275,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 1b27814030c156af6fcafca3ca9274edebf20699c821e892d77c4c7d740a2f5b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 02cf46203805767658d4eb2e04fe2bc4f920b2ef88de243386c6edb94b2b9245 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true 
@@ -1437,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.90.2' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1467,9 +1467,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1176d3833b7a6e7565e239de5bb77df64ee32f35d85f852534db02422215ba35 - checksum/clusteragent-configmap: 9f0ae9132099384f08acb30e2ef9005327efa60bf64fe70444720d4b538bbf21 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: b1896a49dde5621ec92bf9c838646851815d6b4a4c065ee35b756ed3ec9bfdd7 + checksum/clusteragent-configmap: 18570665d455b75e30f7ad1a42673e45d231713be79b4bb27ef3b30162cbb996 + checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 6885b61a2989a80d70df37eaf4cc6442edc3126b Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Fri, 7 Feb 2025 17:29:53 -0500 Subject: [PATCH 11/45] [datadog-operator] Update Operator version to 1.12.0 (#1692) * update datadog operator version to 1.12.0 * update datadog-crds chart version * add DatadogGenericResource configuration * update readme to include datadogGenericResource flags * nit --- charts/datadog-operator/CHANGELOG.md | 5 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 6 +- .../datadog-operator/templates/_helpers.tpl | 2 +- .../templates/clusterrole.yaml | 3 + .../templates/deployment.yaml | 3 + charts/datadog-operator/values.yaml | 7 +- .../baseline/DatadogAgent_CRD_default.yaml | 140 +++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 7 +- .../operator_deployment_test.go | 2 +- 11 files changed, 172 insertions(+), 15 deletions(-) 
diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index a7ed55f0a..a65ae2b42 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 2.6.0 + +* Update Datadog Operator version to 1.12.0. +* Add DatadogGenericResource configuration. + ## 2.5.1 * Expose CRD-specific namespace watch configuration added in Operator 1.8.0 release. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index e5aa3049e..5aad792c5 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.3.0 -digest: sha256:67db7e15aa50bde3e2e62273b71402d2e4302c71f13201c3646ee5865e236106 -generated: "2024-12-18T14:19:32.327237+01:00" + version: 2.4.1 +digest: sha256:aad0385741a8458b9061a7117318d93f834e3314e5f794411b4001a534a9d6ee +generated: "2025-02-07T14:26:48.62608-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 83165c1ae..2e61e04bc 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.5.2 -appVersion: 1.11.1 +version: 2.6.0 +appVersion: 1.12.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.3.0" + version: "=2.4.1" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index c0ed7224d..bcd9a4fcf 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md 
@@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.5.2](https://img.shields.io/badge/Version-2.5.2-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) +![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) ## Values @@ -19,11 +19,13 @@ | datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | | datadogCRDs.crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboard CRD | +| datadogCRDs.crds.datadogGenericResources | bool | `false` | Set to true to deploy the DatadogGenericResource CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | | datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | datadogDashboard.enabled | bool | `false` | Enables the Datadog Dashboard controller | +| datadogGenericResource.enabled | bool | `false` | Enables the Datadog Generic Resource controller | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | 
@@ -33,7 +35,7 @@
 | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. |
 | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image |
 | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image |
-| image.tag | string | `"1.11.1"` | Define the Datadog Operator version to use |
+| image.tag | string | `"1.12.0"` | Define the Datadog Operator version to use |
 | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) |
 | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs |
 | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ |
diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl
index 50dc92353..31e8e5f7d 100644
--- a/charts/datadog-operator/templates/_helpers.tpl
+++ b/charts/datadog-operator/templates/_helpers.tpl
@@ -85,6 +85,6 @@ Check operator image tag version.
 {{- if not .Values.image.doNotCheckTag -}}
 {{- .Values.image.tag -}}
 {{- else -}}
-{{ "1.11.1" }}
+{{ "1.12.0" }}
 {{- end -}}
 {{- end -}}
diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml
index 1ac37f56e..dc69c7b8d 100644
--- a/charts/datadog-operator/templates/clusterrole.yaml
+++ b/charts/datadog-operator/templates/clusterrole.yaml
@@ -226,6 +226,8 @@ rules:
 resources:
 - datadogagents
 - datadogagents/finalizers
+ - datadoggenericresources
+ - datadoggenericresources/finalizers
 - datadogmonitors
 - datadogmonitors/finalizers
 - datadogslos
@@ -243,6 +245,7 @@ rules:
 - datadoghq.com
 resources:
 - datadogagents/status
+ - datadoggenericresources/status
 - datadogmonitors/status
 - datadogslos/status
 verbs:
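Review bot: In charts/datadog-operator/templates/clusterrole.yaml both hunks grant the operator `datadoggenericresources`, `datadoggenericresources/finalizers` and `datadoggenericresources/status` unconditionally, although the controller that uses them is off by default (`datadogGenericResource.enabled: false` in this commit's values.yaml). For least privilege the new entries could be wrapped in `{{- if .Values.datadogGenericResource.enabled }}` … `{{- end }}` in each rule, so a default install carries no RBAC for a controller it never starts. The neighbouring `datadogmonitors` and `datadogslos` entries are also ungated here, so this may be the chart's convention, and the `verbs:` lists for both rules lie outside the hunks and should be checked for what is actually granted.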
diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml
index 6532eb07c..8a616fa7b 100644
--- a/charts/datadog-operator/templates/deployment.yaml
+++ b/charts/datadog-operator/templates/deployment.yaml
@@ -148,6 +148,9 @@ spec:
 {{- if (semverCompare ">=1.9.0-0" $version) }}
 - "-datadogDashboardEnabled={{ .Values.datadogDashboard.enabled }}"
 {{- end }}
+ {{- if (semverCompare ">=1.12.0" $version) }}
+ - "-datadogGenericResourceEnabled={{ .Values.datadogGenericResource.enabled }}"
+ {{- end }}
 {{- if (semverCompare ">=1.7.0" $version) }}
 - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}"
 {{- end }}
diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml
index d2c1be14e..aaaa32e2f 100644
--- a/charts/datadog-operator/values.yaml
+++ b/charts/datadog-operator/values.yaml
@@ -47,7 +47,7 @@ image:
 # image.repository -- Repository to use for Datadog Operator image
 repository: gcr.io/datadoghq/operator
 # image.tag -- Define the Datadog Operator version to use
- tag: 1.11.1
+ tag: 1.12.0
 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image
 pullPolicy: IfNotPresent
 # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart.
@@ -87,6 +87,9 @@ datadogAgent:
 datadogDashboard:
 # datadogDashboard.enabled -- Enables the Datadog Dashboard controller
 enabled: false
+datadogGenericResource:
+ # datadogGenericResource.enabled -- Enables the Datadog Generic Resource controller
+ enabled: false
 datadogMonitor:
 # datadogMonitor.enabled -- Enables the Datadog Monitor controller
 enabled: false
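Review bot: The new guard in charts/datadog-operator/templates/deployment.yaml, `{{- if (semverCompare ">=1.12.0" $version) }}`, has no pre-release suffix, unlike the `>=1.9.0-0` guard for `-datadogDashboardEnabled` directly above it. Helm's semverCompare does not match a pre-release version against a constraint that has no pre-release part, so a release-candidate image tag newer than 1.12.0 would presumably not receive `-datadogGenericResourceEnabled` even with `datadogGenericResource.enabled` set. Consider `{{- if (semverCompare ">=1.12.0-0" $version) }}`; the existing `>=1.7.0` guard below has the same shape. How `$version` is derived is outside the hunk.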
@@ -147,6 +150,8 @@ datadogCRDs: datadogSLOs: false # datadogCRDs.crds.datadogDashboards -- Set to true to deploy the DatadogDashboard CRD datadogDashboards: false + # datadogCRDs.crds.datadogGenericResources -- Set to true to deploy the DatadogGenericResource CRD + datadogGenericResources: false # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 0a364f99e..2dc1035de 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.3.0' + helm.sh/chart: 'datadogCRDs-2.4.1' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -261,6 +261,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -708,6 +713,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2444,6 +2512,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3741,6 +3811,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4188,6 +4263,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index b373cd360..84be9b411 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.5.2 + helm.sh/chart: datadog-operator-2.6.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.12.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.11.1" + image: "gcr.io/datadoghq/operator:1.12.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE 
@@ -60,6 +60,7 @@ spec: - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" - "-datadogDashboardEnabled=false" + - "-datadogGenericResourceEnabled=false" - "-remoteConfigEnabled=false" ports: - name: metrics diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 9c6ffa94c..233c544fc 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -121,7 +121,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.11.1", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.12.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } From 6754d6bf45c7534b31a1d7a6e58bf69325a96872 Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Mon, 10 Feb 2025 16:14:35 +0100 Subject: [PATCH 12/45] [PAR] Add gitlab credentials example (#1695) * Add gitlab credentials example * bump version --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 2 +- charts/private-action-runner/README.md.gotmpl | 2 +- .../private-action-runner/examples/values.yaml | 16 ++++++++++++++++ 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 0307f7a95..aafcf4187 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.5 + +* Add gitlab credentials file example + ## 0.15.4 * Update private action image version to `v0.1.10-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index e0a6d1dc4..592c07f9e 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.4 +version: 0.15.5 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e95c90477..eff38fbaa 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.5](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index be874474a..fadc705ac 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.5](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 7d2106f39..a523409f3 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -172,3 +172,19 @@ credentialFiles: } ] } + - fileName: "gitlab_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "baseURL", + "tokenValue": "GITLAB_BASE_URL" + }, + { + "tokenName": "gitlabApiToken", + "tokenValue": "GITLAB_API_TOKEN" + } + ] + } + From ffcf8f4aaa0b04401a802d512711f4eefdd81a14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Tue, 11 Feb 2025 14:52:48 +0100 Subject: [PATCH 13/45] default to gcr on us3 when autopilot (#1699) * default to gcr on us3 when autopilot * nit * Update charts/datadog/CHANGELOG.md Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_helpers.tpl | 2 +- charts/datadog/values.yaml | 2 ++ 5 files changed, 9 insertions(+), 3 deletions(-) 
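Review bot: The `gitlab_creds.json` entry added to charts/private-action-runner/examples/values.yaml places the GitLab API token inline in a values file, and nothing in the example says that `GITLAB_BASE_URL` and `GITLAB_API_TOKEN` are placeholders. A populated copy of this file would hold a live credential in plain text, so a comment above the entry would help, for example `# Placeholders: supply real values at install time from a file kept out of version control, and use a token scoped to the minimum GitLab access the actions need.` How the chart stores `credentialFiles` (as a Secret or otherwise) is not visible in this hunk and is worth confirming. The hunk also adds a trailing blank line at the end of the file.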
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b5e00d940..31c524c92 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.3 + +* Defaults `registry` to `gcr.io/datadoghq` when setting `datadog.site: us3.datadoghq.com` and deploying on GKE Autopilot (`providers.gke.autopilot: true`). + ## 3.90.2 * Adds env vars `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` when Otel Agent is enabled and adds flag `--sync-delay=30s` to otel agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index fc22fccd3..62a573977 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.2 +version: 3.90.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 3a29aa8a9..d7b0271a2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.2](https://img.shields.io/badge/Version-3.90.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.3](https://img.shields.io/badge/Version-3.90.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 2d0074988..7d07df3cd 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -295,7 +295,7 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq -{{- else if eq .datadog.site "us3.datadoghq.com" -}} +{{- else if and (eq .datadog.site "us3.datadoghq.com") (not .providers.gke.autopilot) -}} datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 432b1618c..174cc922b 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -27,6 +27,8 @@ commonLabels: {} ## Azure - use datadoghq.azurecr.io ## AWS - use public.ecr.aws/datadog ## DockerHub - use docker.io/datadog +## If you are on GKE Autopilot, you must use a gcr.io variant registry. + registry: # gcr.io/datadoghq datadog: From 0827d4f6aa8d9a00b9595f0668a9f1f4ac9a5bb9 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Tue, 11 Feb 2025 17:44:03 -0500 Subject: [PATCH 14/45] update datadog operator version to 1.12.1 (#1700) --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 4 ++-- charts/datadog-operator/README.md | 4 ++-- charts/datadog-operator/templates/_helpers.tpl | 2 +- charts/datadog-operator/values.yaml | 2 +- .../baseline/Operator_Deployment_default.yaml | 6 +++--- test/datadog-operator/operator_deployment_test.go | 2 +- 7 files changed, 14 insertions(+), 10 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index a65ae2b42..75ed1131a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.7.0 + +* Update Datadog Operator version to 1.12.1. + ## 2.6.0 * Update Datadog Operator version to 1.12.0. 
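Review bot: The new condition `and (eq .datadog.site "us3.datadoghq.com") (not .providers.gke.autopilot)` in charts/datadog/templates/_helpers.tpl changes which registry images are pulled from, and the commit's diffstat lists no test or baseline covering it. A rendered baseline for `datadog.site: us3.datadoghq.com` with `providers.gke.autopilot: true` (expecting `gcr.io/datadoghq`) and one with autopilot unset (expecting `datadoghq.azurecr.io`) would pin both branches. The helper's definition and its callers are outside the hunk: it reads `.datadog.site` rather than `.Values.datadog.site`, so every caller presumably has to pass a context that also contains `providers.gke`, otherwise `.providers.gke.autopilot` would fail at render time on a nil value.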
diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 2e61e04bc..64cb814c7 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.6.0 -appVersion: 1.12.0 +version: 2.7.0 +appVersion: 1.12.1 description: Datadog Operator keywords: - monitoring diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index bcd9a4fcf..cd369d95b 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) +![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) ## Values @@ -35,7 +35,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.12.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.12.1"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 31e8e5f7d..f17953f81 100644 
--- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.12.0" }} +{{ "1.12.1" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index aaaa32e2f..74f1dddec 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.12.0 + tag: 1.12.1 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 84be9b411..cdf0174c5 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.6.0 + helm.sh/chart: datadog-operator-2.7.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.12.0" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.12.0" + image: "gcr.io/datadoghq/operator:1.12.1" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 233c544fc..230d07a07 100644 
--- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -121,7 +121,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.12.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.12.1", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } From ad6417245191521861690a0b5355a416fd3e04fd Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Wed, 12 Feb 2025 13:53:04 -0500 Subject: [PATCH 15/45] Update private action image version to `v0.1.11-beta` (#1701) * Update private action image version to `v0.1.11-beta` * actually bump the chart version --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index aafcf4187..97db34964 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.6 + +* Update private action image version to `v0.1.11-beta` + ## 0.15.5 * Add gitlab credentials file example diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 592c07f9e..114b8c4ed 100644 --- a/charts/private-action-runner/Chart.yaml 
+++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.5 +version: 0.15.6 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index eff38fbaa..3d15b5d3f 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.5](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.6](https://img.shields.io/badge/Version-0.15.6-informational?style=flat-square) ![AppVersion: v0.1.11-beta](https://img.shields.io/badge/AppVersion-v0.1.11--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
@@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.10-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.11-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index fadc705ac..4d1cc066f 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.5](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.6](https://img.shields.io/badge/Version-0.15.6-informational?style=flat-square) ![AppVersion: v0.1.11-beta](https://img.shields.io/badge/AppVersion-v0.1.11--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 5fefaa9cf..a30c21851 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.10-beta + tag: v0.1.11-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index a6842ac84..97496712e 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.11-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 0f68c4cc1..0243594a4 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.11-beta" imagePullPolicy: IfNotPresent ports: - name: http From a1a226e58fb9ddf210c05cd4e8e0aec526a506e9 Mon Sep 17 00:00:00 2001 
From: Jake Scaltreto Date: Thu, 13 Feb 2025 10:17:27 -0500 Subject: [PATCH 16/45] fix(datadog): RBAC for resources labels/annotations as tags (#1685) Co-authored-by: Gabriel Dos Santos <91925154+gabedos@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/cluster-agent-rbac.yaml | 13 ++++++------- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 31c524c92..f354ac8e3 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.4 + +* Fix RBAC rendering and map merge when `datadog.kubernetesResourcesAnnotationsAsTags` and/or `datadog.kubernetesResourcesLabelsAsTags` are used. + ## 3.90.3 * Defaults `registry` to `gcr.io/datadoghq` when setting `datadog.site: us3.datadoghq.com` and deploying on GKE Autopilot (`providers.gke.autopilot: true`). @@ -46,7 +50,7 @@ ## 3.87.0 -* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. ## 3.86.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 62a573977..a5420f8d6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.3 +version: 3.90.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d7b0271a2..491597d00 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.3](https://img.shields.io/badge/Version-3.90.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.4](https://img.shields.io/badge/Version-3.90.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 8bf355ebb..9f0cdd917 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml 
@@ -515,14 +515,13 @@ metadata: namespace: {{ .Release.Namespace }} {{- $groupedResources := dict }} -{{- $mergedResources := merge (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- $mergedResources := mergeOverwrite dict (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} {{- range $resource, $labels := $mergedResources }} - {{- $parts := split "." $resource }} + {{- $parts := splitList "." $resource }} {{- $apiGroup := "" }} - {{- $resourceName := $resource }} - {{- if eq (len $parts) 2 }} - {{- $apiGroup = index $parts "_1" }} - {{- $resourceName = index $parts "_0" }} + {{- $resourceName := mustFirst $parts }} + {{- if gt (len $parts) 1 }} + {{- $apiGroup = join "." (mustRest $parts) }} {{- end }} {{- $existing := index $groupedResources $apiGroup | default (list) }} {{- $groupedResources = set $groupedResources $apiGroup (append $existing $resourceName) }} @@ -559,4 +558,4 @@ subjects: - kind: ServiceAccount name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} -{{- end -}} \ No newline at end of file +{{- end -}} From c7c5991c3f2f3f607ecb2609c954d34b94f151ed Mon Sep 17 00:00:00 2001 
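Review bot: Keys of `kubernetesResourcesAnnotationsAsTags` and `kubernetesResourcesLabelsAsTags` are turned into RBAC resource names in the first hunk of `cluster-agent-rbac.yaml` without any validation. With `splitList`, an empty key or a key that starts with a dot gives an empty `$resourceName`, which is appended to `$groupedResources` and presumably rendered into the ClusterRole rules further down, outside the hunk. Failing the render is safer than emitting a rule with an empty resource: `{{- if not $resourceName }}{{- fail (printf "invalid resource key %q, expected resource or resource.apiGroup" $resource) }}{{- end }}` right after `$resourceName` is set. A short template comment stating the accepted key format (`pods`, `deployments.apps`) would also help, since the group part may now contain dots.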
From: louis-cqrl <93274433+louis-cqrl@users.noreply.github.com> Date: Mon, 17 Feb 2025 13:21:14 +0100 Subject: [PATCH 17/45] [AGENTRUN-117] Update FIPS Proxy version to 1.1.7 (#1703) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update tag version for fips image * Update charts/datadog/README.md Co-authored-by: Timothée Bavelier <97530782+tbavelier@users.noreply.github.com> --------- Co-authored-by: Timothée Bavelier <97530782+tbavelier@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f354ac8e3..0f2ba4896 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.90.5 + +* Update `fips.image.tag` to `1.1.7` updating openSSL version to 3.0.16 + ## 3.90.4 * Fix RBAC rendering and map merge when `datadog.kubernetesResourcesAnnotationsAsTags` and/or `datadog.kubernetesResourcesLabelsAsTags` are used. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a5420f8d6..ffcc41bfa 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.4 +version: 3.90.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 491597d00..b7be655be 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.4](https://img.shields.io/badge/Version-3.90.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.90.5](https://img.shields.io/badge/Version-3.90.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -885,7 +885,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.6"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.7"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 174cc922b..858702591 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -1509,7 +1509,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.6 + tag: 1.1.7 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 8c6cbd4371c1841458e0e79bdf1292cace55dd4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillermo=20Juli=C3=A1n?= Date: Wed, 19 Feb 2025 12:07:12 +0100 Subject: [PATCH 18/45] Merge #1681: Support GPU monitoring * Enable GPU monitoring * Update README * Fix changelog * Mount cgroups --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 ++++- .../datadog/templates/_container-system-probe.yaml | 12 ++++++++---- .../datadog/templates/_daemonset-volumes-linux.yaml | 7 ++++++- charts/datadog/templates/_helpers.tpl | 2 +- charts/datadog/templates/daemonset.yaml | 3 +++ charts/datadog/templates/system-probe-configmap.yaml | 3 +++ charts/datadog/values.yaml | 11 +++++++++++ 9 files changed, 41 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0f2ba4896..0d9eb781f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.91.0 + +* Add support for GPU monitoring + ## 3.90.5 * Update `fips.image.tag` to `1.1.7` updating openSSL version to 3.0.16 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ffcc41bfa..48bd90e86 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.5 +version: 3.91.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b7be655be..eec89862a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.5](https://img.shields.io/badge/Version-3.90.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.91.0](https://img.shields.io/badge/Version-3.91.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -749,6 +749,9 @@ helm install \ | datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets | | datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. | | datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 | +| datadog.gpuMonitoring.configureCgroupPerms | bool | `false` | Configure cgroup permissions for GPU monitoring | +| datadog.gpuMonitoring.enabled | bool | `false` | Enable GPU monitoring | +| datadog.gpuMonitoring.runtimeClassName | string | `"nvidia"` | Runtime class name for the agent pods to get access to NVIDIA resources | | datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true | | datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true | diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index 6e3127392..8b6669b18 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml 
@@ -21,7 +21,7 @@ {{- include "containers-common-env" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.datadog.serviceMonitoring.enabled }} + {{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled }} - name: HOST_ROOT value: "/host/root" {{- end }} @@ -70,14 +70,14 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true -{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled }} +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled }} - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} - {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} + {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release @@ -94,12 +94,16 @@ readOnly: true {{- end }} {{- end }} -{{- if .Values.datadog.serviceMonitoring.enabled }} +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled }} - name: hostroot mountPath: /host/root mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} +{{- if .Values.datadog.gpuMonitoring.enabled }} + - name: gpu-devices + mountPath: /var/run/nvidia-container-devices/all +{{- end }} {{- if and (eq (include "runtime-compilation-enabled" .) "true") .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} - name: modules mountPath: /lib/modules 
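Review bot: The `gpu-devices` mount added in the last hunk of `_container-system-probe.yaml` has no `readOnly: true` and no comment, while the other host mounts shown in these hunks (`cgroups`, `hostroot`, `/host/proc`) are read-only. The matching volume in `_daemonset-volumes-linux.yaml` is a hostPath to `/dev/null`, so the mount looks like a marker path for the NVIDIA runtime rather than real data, but a reader cannot tell that from the template. I would add `readOnly: true` if the runtime only inspects the mount path (to be confirmed), and a comment stating the purpose, for example `# /dev/null mounted at this path asks the NVIDIA container runtime to expose all GPUs to system-probe`, if that is the intent. The container spec starts and ends outside these hunks.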
diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 136e2c6af..c4238986c 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -148,7 +148,7 @@ path: /etc/passwd name: passwd {{- end }} -{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.serviceMonitoring.enabled) (and (eq (include "should-enable-security-agent" .) "true") .Values.datadog.securityAgent.compliance.enabled) }} +{{- if or (and (eq (include "should-enable-system-probe" .) "true") (or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled)) (and (eq (include "should-enable-security-agent" .) "true") .Values.datadog.securityAgent.compliance.enabled) }} - hostPath: path: / name: hostroot @@ -219,4 +219,9 @@ secretName: datadog-kubelet-cert name: kubelet-cert-volume {{- end }} +{{- if .Values.datadog.gpuMonitoring.enabled }} +- name: gpu-devices + hostPath: + path: /dev/null +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 7d07df3cd..59edaf668 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl 
@@ -329,7 +329,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im Return true if a system-probe feature is enabled. */}} {{- define "system-probe-feature" -}} -{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled -}} +{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled -}} true {{- else -}} false diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 45dc64663..3eb021cba 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -114,6 +114,9 @@ spec: {{- if or .Values.agents.priorityClassCreate .Values.agents.priorityClassName }} priorityClassName: {{ .Values.agents.priorityClassName | default (include "datadog.fullname" . ) }} {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + runtimeClassName: {{ .Values.datadog.gpuMonitoring.runtimeClassName }} + {{- end }} containers: {{- include "container-agent" . | nindent 6 }} {{- if eq (include "should-enable-trace-agent" .) "true" }} diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index d769235d2..e74f96f23 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml 
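Review bot: In `daemonset.yaml` the new `runtimeClassName` is set for the whole agent pod as soon as `datadog.gpuMonitoring.enabled` is true, and the value is rendered unquoted. Nothing in this hunk restricts the DaemonSet to GPU nodes, so on a cluster where the RuntimeClass (default `nvidia` in values.yaml) is missing, or on nodes without that handler, the agent pods would likely fail to start and monitoring of those nodes would be lost. I would let an empty value opt out and quote the scalar: `{{- if and .Values.datadog.gpuMonitoring.enabled .Values.datadog.gpuMonitoring.runtimeClassName }}` and `runtimeClassName: {{ .Values.datadog.gpuMonitoring.runtimeClassName | quote }}`. The pod spec starts and ends outside the hunk.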
@@ -47,6 +47,9 @@ data: discovery: enabled: {{ $.Values.datadog.discovery.enabled }} {{- end }} + gpu_monitoring: + enabled: {{ $.Values.datadog.gpuMonitoring.enabled }} + configure_cgroup_perms: {{ $.Values.datadog.gpuMonitoring.configureCgroupPerms }} runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 858702591..126c59758 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -835,6 +835,17 @@ datadog: # datadog.discovery.enabled -- (bool) Enable Service Discovery enabled: # false + gpuMonitoring: + # datadog.gpuMonitoring.enabled -- Enable GPU monitoring + enabled: false + + # datadog.gpuMonitoring.configureCgroupPerms -- Configure cgroup permissions for GPU monitoring + configureCgroupPerms: false + + # datadog.gpuMonitoring.runtimeClassName -- Runtime class name for the agent pods to get access to NVIDIA resources + runtimeClassName: "nvidia" + + # Software Bill of Materials configuration sbom: containerImage: From 146a161db4c3c530f7e515b9a1f1e83438ba6e47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillermo=20Juli=C3=A1n?= Date: Wed, 19 Feb 2025 18:46:35 +0100 Subject: [PATCH 19/45] Merge #1696: Add PodResources mount * Add PodResources socket mount * Update docs * Update chart * Update README --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 7 ++++++- charts/datadog/templates/_daemonset-volumes-linux.yaml | 3 +++ charts/datadog/values.yaml | 4 ++++ 6 files changed, 20 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0d9eb781f..5aa63726b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
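Review bot: The description added in `values.yaml` for `datadog.gpuMonitoring.enabled` is only "Enable GPU monitoring", which hides what the flag changes in the pod. In this commit it turns on system-probe, mounts the host root filesystem at `/host/root` and the host cgroup tree into it, and sets a pod-level `runtimeClassName`. I would say so in the comment, for example `# datadog.gpuMonitoring.enabled -- Enable GPU monitoring. Enables system-probe, mounts the host root filesystem and cgroups read-only into it, and sets runtimeClassName on the agent pods`, and regenerate the README table from it. The `configureCgroupPerms` description would also benefit from one sentence on which permissions are changed and on what.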
@@ -1,5 +1,9 @@ # Datadog changelog +## 3.92.0 + +* Add a mount for the Kubernetes PodResources socket. + ## 3.91.0 * Add support for GPU monitoring diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 48bd90e86..cda09f9ef 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.91.0 +version: 3.92.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index eec89862a..8d220fd8e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.91.0](https://img.shields.io/badge/Version-3.91.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.92.0](https://img.shields.io/badge/Version-3.92.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -775,6 +775,7 @@ helm install \ | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | +| datadog.kubelet.podResourcesSocketDir | string | /var/lib/kubelet/pod-resources | Path (on host) where the kubelet.sock socket for the PodResources API is located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 1bda81b9d..215432677 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -165,7 +165,7 @@ value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT 
@@ -207,6 +207,8 @@ - name: DD_OTELCOLLECTOR_ENABLED value: "true" {{- end }} + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: {{ printf "%s/kubelet.sock" .Values.datadog.kubelet.podResourcesSocket | quote }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: @@ -355,6 +357,9 @@ - name: kubelet-cert-volume mountPath: /certs {{- end }} + - name: pod-resources-socket + mountPath: {{ .Values.datadog.kubelet.podResourcesSocketDir }} + readOnly: false {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index c4238986c..261220d74 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -219,6 +219,9 @@ secretName: datadog-kubelet-cert name: kubelet-cert-volume {{- end }} +- name: pod-resources-socket + hostPath: + path: {{ .Values.datadog.kubelet.podResourcesSocketDir }} {{- if .Values.datadog.gpuMonitoring.enabled }} - name: gpu-devices hostPath: diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 126c59758..ad4adb46a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
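Review bot: The value of `DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET` in the second hunk of `_container-agent.yaml` reads `.Values.datadog.kubelet.podResourcesSocket`, but the key this commit adds to values.yaml and uses for the mount is `podResourcesSocketDir`. Unless `podResourcesSocket` is defined elsewhere, `printf "%s/kubelet.sock"` receives nil and the agent is given a path that does not point at the mounted socket. The line should be `value: {{ printf "%s/kubelet.sock" .Values.datadog.kubelet.podResourcesSocketDir | quote }}`. The env list continues outside the hunk.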
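Review bot: The `pod-resources-socket` mount in the third hunk of `_container-agent.yaml` is added for every install and is explicitly `readOnly: false`, and the matching hostPath volume in `_daemonset-volumes-linux.yaml` is unconditional as well. That gives the core agent container write access to a kubelet directory on all nodes, even when nothing in the deployment consumes the PodResources API. I would wrap both the mount and the volume in the condition of the feature that needs the socket (GPU monitoring, if that is the consumer), and use `readOnly: true` if connecting to the socket still works through a read-only mount in your tests. An empty `podResourcesSocketDir` would also render an empty `mountPath`, so guarding on the value is worth adding.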
@@ -313,6 +313,10 @@ datadog: # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) # @default -- true coreCheckEnabled: true + # datadog.kubelet.podResourcesSocketDir -- Path (on host) where the kubelet.sock socket for the PodResources API is located + # @default -- /var/lib/kubelet/pod-resources + podResourcesSocketDir: /var/lib/kubelet/pod-resources + # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 From 645031f3b7e709cea09dd8d8ac3e08eea0789fe9 Mon Sep 17 00:00:00 2001 From: Celene Date: Wed, 19 Feb 2025 15:37:54 -0500 Subject: [PATCH 20/45] Revert "Add PodResources mount" (#1708) * Revert "Merge #1696: Add PodResources mount" This reverts commit 146a161db4c3c530f7e515b9a1f1e83438ba6e47. * bump chart --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 +-- charts/datadog/templates/_container-agent.yaml | 7 +------ charts/datadog/templates/_daemonset-volumes-linux.yaml | 3 --- charts/datadog/values.yaml | 4 ---- 6 files changed, 7 insertions(+), 16 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5aa63726b..8023984c4 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.93.0 + +* Revert "Add a mount for the Kubernetes PodResources socket." + ## 3.92.0 * Add a mount for the Kubernetes PodResources socket. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index cda09f9ef..906d77f5c 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.92.0 +version: 3.93.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 8d220fd8e..38f6c2722 100644 
--- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.92.0](https://img.shields.io/badge/Version-3.92.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.93.0](https://img.shields.io/badge/Version-3.93.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -775,7 +775,6 @@ helm install \ | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | -| datadog.kubelet.podResourcesSocketDir | string | /var/lib/kubelet/pod-resources | Path (on host) where the kubelet.sock socket for the PodResources API is located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 215432677..1bda81b9d 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -165,7 +165,7 @@ value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT 
@@ -207,8 +207,6 @@ - name: DD_OTELCOLLECTOR_ENABLED value: "true" {{- end }} - - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET - value: {{ printf "%s/kubelet.sock" .Values.datadog.kubelet.podResourcesSocket | quote }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: @@ -357,9 +355,6 @@ - name: kubelet-cert-volume mountPath: /certs {{- end }} - - name: pod-resources-socket - mountPath: {{ .Values.datadog.kubelet.podResourcesSocketDir }} - readOnly: false {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 261220d74..c4238986c 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -219,9 +219,6 @@ secretName: datadog-kubelet-cert name: kubelet-cert-volume {{- end }} -- name: pod-resources-socket - hostPath: - path: {{ .Values.datadog.kubelet.podResourcesSocketDir }} {{- if .Values.datadog.gpuMonitoring.enabled }} - name: gpu-devices hostPath: diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index ad4adb46a..126c59758 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -313,10 +313,6 @@ datadog: # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) # @default -- true coreCheckEnabled: true - # datadog.kubelet.podResourcesSocketDir -- Path (on host) where the kubelet.sock socket for the PodResources API is located - # @default -- /var/lib/kubelet/pod-resources - podResourcesSocketDir: /var/lib/kubelet/pod-resources - # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 From 9c2ac66aa3cb7e6187f816ba9a7da66afd72d512 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 19 Feb 2025 18:06:47 -0500 Subject: [PATCH 21/45] Merge #1706: Add service account additional labels Co-authored-by: --- charts/datadog/CHANGELOG.md | 6 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 +- ...ent-with-additional-rbac-label-values.yaml | 6 ++ ...rker-with-dedicated-rbac-label-values.yaml | 21 +++++ .../templates/agent-clusterchecks-rbac.yaml | 3 + .../datadog/templates/cluster-agent-rbac.yaml | 3 + charts/datadog/templates/rbac.yaml | 3 + charts/datadog/values.yaml | 10 +++ ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 6 +- .../gdc_daemonset_logs_collection.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- 17 files changed, 126 insertions(+), 71 deletions(-) create mode 100644 charts/datadog/ci/agent-with-additional-rbac-label-values.yaml create mode 100644 charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8023984c4..2f60e88a6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,11 @@ # Datadog changelog +## 3.94.0 + +* Support adding labels to the Agent service account via `agents.rbac.serviceAccountAdditionalLabels`. +* Support adding labels to the Cluster Agent service account via `clusterAgent.rbac.serviceAccountAdditionalLabels`. +* Support adding labels to the Cluster Checks Runner service account via `clusterChecksRunner.rbac.serviceAccountAdditionalLabels`. + ## 3.93.0 * Revert "Add a mount for the Kubernetes PodResources socket." diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 906d77f5c..002114877 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.93.0 +version: 3.94.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 38f6c2722..cf78b6cea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.93.0](https://img.shields.io/badge/Version-3.93.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.94.0](https://img.shields.io/badge/Version-3.94.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -550,6 +550,7 @@ helm install \ | agents.priorityPreemptionPolicyValue | string | `"PreemptLowerPriority"` | Set to "Never" to change the PriorityClass to non-preempting | | agents.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true | | agents.rbac.create | bool | `true` | If true, create & use RBAC resources | +| agents.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if agents.rbac.create is true | | agents.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if agents.rbac.create is true | | agents.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if agents.rbac.create is false | | agents.revisionHistoryLimit | int | `10` | The number of ControllerRevision to keep in this DaemonSet. | 
@@ -628,6 +629,7 @@ helm install \ | clusterAgent.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true | | clusterAgent.rbac.create | bool | `true` | If true, create & use RBAC resources | | clusterAgent.rbac.flareAdditionalPermissions | bool | `true` | If true, add Secrets and Configmaps get/list permissions to retrieve user Datadog Helm values from Cluster Agent namespace | +| clusterAgent.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if clusterAgent.rbac.create is true | | clusterAgent.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true | | clusterAgent.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterAgent.rbac.create is false | | clusterAgent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent readiness probe settings | 
@@ -673,6 +675,7 @@ helm install \ | clusterChecksRunner.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true | | clusterChecksRunner.rbac.create | bool | `true` | If true, create & use RBAC resources | | clusterChecksRunner.rbac.dedicated | bool | `false` | If true, use a dedicated RBAC resource for the cluster checks agent(s) | +| clusterChecksRunner.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true | | clusterChecksRunner.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true | | clusterChecksRunner.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterChecksRunner.rbac.create is false | | clusterChecksRunner.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | diff --git a/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml b/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml new file mode 100644 index 000000000..d30828525 --- /dev/null +++ b/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml @@ -0,0 +1,6 @@ +agents: + enabled: true + rbac: + enabled: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value diff --git a/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml b/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml new file mode 100644 index 000000000..571db5a6f --- /dev/null +++ b/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml 
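Review bot: In `agent-with-additional-rbac-label-values.yaml` the RBAC toggle is written as `rbac: enabled: true`, but the README rows in this patch document `agents.rbac.create` and list no `agents.rbac.enabled`, and the second CI values file uses `rbac: create: true`. The unknown key is presumably ignored, so this case only exercises the ServiceAccount because `create` defaults to `true`; writing `create: true` would state the intent. As far as this patch shows, neither CI values file is paired with an assertion that the label reaches the rendered ServiceAccount, so a regression in the template would not be caught by these fixtures alone.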
@@ -0,0 +1,21 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + clusterChecks: + enabled: true + +clusterAgent: + enabled: true + rbac: + create: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value + +clusterChecksRunner: + enabled: true + replicas: 1 + rbac: + dedicated: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value diff --git a/charts/datadog/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/templates/agent-clusterchecks-rbac.yaml index fd81988d6..cf95e646e 100644 --- a/charts/datadog/templates/agent-clusterchecks-rbac.yaml +++ b/charts/datadog/templates/agent-clusterchecks-rbac.yaml @@ -24,6 +24,9 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} +{{- if .Values.clusterChecksRunner.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.clusterChecksRunner.rbac.serviceAccountAdditionalLabels) . | nindent 4}} +{{- end }} name: {{ template "datadog.fullname" . }}-cluster-checks namespace: {{ .Release.Namespace }} {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 9f0cdd917..29ab56553 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml 
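Review bot: In `agent-clusterchecks-rbac.yaml` the additional labels are appended to the same `labels:` mapping that already carries `chart`, `heritage` and `release`, with no check that a user-supplied key does not repeat one of them. A repeated key renders a duplicate mapping key, and how that is resolved depends on the YAML parser (presumably the last value wins, which would let a values file silently override a chart-managed label). The same applies to the hunks in `cluster-agent-rbac.yaml` and `rbac.yaml`. The values.yaml comments could say so, e.g. `# Keys must not repeat labels the chart already sets on the ServiceAccount.` The three hunks also trim whitespace differently (`| nindent 4}}` with `{{- end }}` here, `| nindent 4 -}}` with `{{ end }}` in `cluster-agent-rbac.yaml`); using one form would make the rendered output easier to reason about.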
@@ -364,6 +364,9 @@ metadata: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} {{ include "datadog.labels" . | indent 4 }} +{{- if .Values.clusterAgent.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.clusterAgent.rbac.serviceAccountAdditionalLabels) . | nindent 4 -}} +{{ end }} {{- if .Values.clusterAgent.rbac.serviceAccountAnnotations }} annotations: {{ tpl (toYaml .Values.clusterAgent.rbac.serviceAccountAnnotations) . | nindent 4}} {{- end }} diff --git a/charts/datadog/templates/rbac.yaml b/charts/datadog/templates/rbac.yaml index 919808f88..8cd02c53b 100644 --- a/charts/datadog/templates/rbac.yaml +++ b/charts/datadog/templates/rbac.yaml @@ -163,6 +163,9 @@ metadata: {{- end }} labels: {{ include "datadog.labels" . | indent 4 }} +{{- if .Values.agents.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.agents.rbac.serviceAccountAdditionalLabels) . | nindent 4}} +{{- end }} {{- range $role := .Values.datadog.secretBackend.roles }} --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 126c59758..4e1e6d1dd 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1110,6 +1110,9 @@ clusterAgent: # clusterAgent.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true serviceAccountAnnotations: {} + # clusterAgent.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if clusterAgent.rbac.create is true + serviceAccountAdditionalLabels: {} + # clusterAgent.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true automountServiceAccountToken: true 
@@ -1607,6 +1610,9 @@ agents: # agents.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if agents.rbac.create is true serviceAccountAnnotations: {} + # agents.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if agents.rbac.create is true + serviceAccountAdditionalLabels: {} + # agents.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true automountServiceAccountToken: true @@ -2107,6 +2113,10 @@ clusterChecksRunner: # clusterChecksRunner.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true serviceAccountAnnotations: {} + # clusterChecksRunner.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true + serviceAccountAdditionalLabels: {} + + # clusterChecksRunner.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true automountServiceAccountToken: true diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f421d6f46..2dd74a7ad 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 394df2a714d93c44949d7e7af42bb700e71308f40a965692b4e883443c31a1e1 - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: d9b3af416ecff4819b57dfe0c64429d869712b3b36f947eb85b9311a05d79192 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 372905f24..a7d1779d2 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e0c4e91dfb160d295654179552a2736fd59d331036ee62125156748843b613b3 - checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 - checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b + checksum/clusteragent_token: 771d105929d3021acd21a2f768baaf4bbe522635b4a4184bc0e995f59685b55d + checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 + checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 92a21dc8e..1773f7869 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d6c63a0df284f4d85997d84e0da07ac7a76e8cf4402aa6355b55cfd96b210f23 - checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 - checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b + checksum/clusteragent_token: 4eed4c4ff3c9fb2e8477919438698cb7ac0b982f10a744099dd77af952b777c2 + checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 + checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index dc1945ff7..fb7dfda80 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d55d3311edfc5f652f0fe73d2131312641abcd9e521e11fbcb9b3b62daed9217 - checksum/clusteragent-configmap: 63ca8b61b95408ae798632fed914c711a7a3492cadf4caf2d7d3981ca9f091c2 - checksum/api_key: 0b1dc9b6f97901330e2dfcb5dd8e06eeab960aa872f18b04e9aec5dd64030c9b + checksum/clusteragent_token: 50ce670f2c8620a094fa935fdc1b8868a9a96c7e2e79abb0b5ac70b4e382f509 + checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 + checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index cc59fed14..091d217e5 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: a4cd0b2eccf03f28de831e4664477e73354ae56f0dedfcec33e85f0e2b0da008 - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: 63460e3fbf5bf6ce23a5e2e71e18ca3674fe22b92bb3c666c6b2a1ebfdae397d + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 6c0b89e28..ec12b4ed0 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 7024d7bbb843ff1e8f222957eb1366a7e2e4cade071aeac406df417976aa5d65 - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: 7ea7ba292c47ff4bb9428c79db844d419821934dd23f00ab15178a294a24eea6 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a 
diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index e00c5e9ed..124a4583b 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: bedf4b98bef468ea34a4e0b4d6d8794d096157170b4f2941744ad406708bc97e - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: ecd2ba8ac890860d56ebbef729ec7282e9c0ca9d71fc1f1b4308a5bd898ea809 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index b443c38b8..1c65c7ee1 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.90.2" + chart: "datadog-3.94.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.90.2" + chart: "datadog-3.94.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "U0JzMkhyYkIxRFBvck8wTG1QNzRDV1JZNGl3ZU5uNWk=" + token: "Z3RQU2hXVXl6RUIxUXRoMnQ3OVNwNk9PaDJHSXZ6TFk=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.90.2 + installer_version: datadog-3.94.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "5c5bd57c-0417-48c1-b534-8cb328f6b262" - install_time: "1738953116" + install_id: "7ab6981b-5b1d-4490-82ec-22b25031e1ef" + install_time: "1739998016" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -577,7 +577,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -674,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -696,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.2" + chart: "datadog-3.94.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.2" + chart: "datadog-3.94.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -817,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -841,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 57839c61024e0fb56fbc9cf5bf891294305790e426e1d37d8a07c66e429dd6ff - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: 76b7e48f3b6f5a69bd69caca36858256aecfe72ae9482cb3cff7176bfba8c1bb + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1245,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1275,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 02cf46203805767658d4eb2e04fe2bc4f920b2ef88de243386c6edb94b2b9245 - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: daa174eddd987c6413de2d94a6369e9241c95486be083fe1a97f1ec6a65e4040 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true 
@@ -1437,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.2' + helm.sh/chart: 'datadog-3.94.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1467,9 +1467,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: b1896a49dde5621ec92bf9c838646851815d6b4a4c065ee35b756ed3ec9bfdd7 - checksum/clusteragent-configmap: 18570665d455b75e30f7ad1a42673e45d231713be79b4bb27ef3b30162cbb996 - checksum/install_info: 8259f0118cc24f897cb93f1c9bc5e8758de1ba559ec3ed571df7ad67c9d31a24 + checksum/clusteragent_token: d2e4a6d1ba18dde0aec744258e2bee3527c24715f206a6eb1b14e4c216f30345 + checksum/clusteragent-configmap: 3e1d28b00f05be6ed53a01f58794b605d25fcc847c2348f7ede166ee0f2ee128 + checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From ee00f3b63ff415027bb1794c988d0d48f8a50679 Mon Sep 17 00:00:00 2001 From: mrmcpat <109171317+mrdoggopat@users.noreply.github.com> Date: Thu, 20 Feb 2025 15:04:05 -0500 Subject: [PATCH 22/45] Fix a bug where setting `datadog.containerImageCollection.enabled` to `false` does not disable image collection (#1710) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix bug disabling image collection * Update charts/datadog/templates/_container-agent.yaml Co-authored-by: Celene * Update charts/datadog/CHANGELOG.md Co-authored-by: Lénaïc Huard --------- Co-authored-by: Celene Co-authored-by: Lénaïc Huard --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 4 +--- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 2f60e88a6..1b50302da 100644 --- a/charts/datadog/CHANGELOG.md 
+++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.95.0 + +* Fix a bug where setting `datadog.containerImageCollection.enabled` to `false` does not disable image collection. + ## 3.94.0 * Support adding labels to the Agent service account via `agents.rbac.serviceAccountAdditionalLabels`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 002114877..9842817dd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.94.0 +version: 3.95.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cf78b6cea..53a274108 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.94.0](https://img.shields.io/badge/Version-3.94.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.95.0](https://img.shields.io/badge/Version-3.95.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 1bda81b9d..46bcd6e26 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
@@ -172,10 +172,8 @@ value: {{ .Values.datadog.expvarPort | quote }} - name: DD_COMPLIANCE_CONFIG_ENABLED value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} - {{- if eq (include "should-enable-container-image-collection" .) "true" }} - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - {{- end }} + value: {{ include "should-enable-container-image-collection" . | quote }} {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" From fd84419158968185e5451ef7679a3c0728a00d42 Mon Sep 17 00:00:00 2001 From: Vincent Boulineau <58430298+vboulineau@users.noreply.github.com> Date: Mon, 24 Feb 2025 16:04:53 +0100 Subject: [PATCH 23/45] Bump Agent version to 7.63 (#1715) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- ...agent-clusterchecks-deployment_default.yaml | 6 +++--- .../cluster-agent-deployment_default.yaml | 4 ++-- ...ployment_default_advanced_AC_injection.yaml | 4 ++-- ...eployment_default_minimal_AC_injection.yaml | 6 +++--- test/datadog/baseline/daemonset_default.yaml | 8 ++++---- .../baseline/gdc_daemonset_default.yaml | 6 +++--- .../gdc_daemonset_logs_collection.yaml | 6 +++--- test/datadog/baseline/other_default.yaml | 18 +++++++++--------- 12 files changed, 41 insertions(+), 37 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 1b50302da..7b80b9644 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.96.0 + +* Upgrade default Agent version to `7.63.0`. + ## 3.95.0 * Fix a bug where setting `datadog.containerImageCollection.enabled` to `false` does not disable image collection. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9842817dd..7a5f5eeda 100644 --- a/charts/datadog/Chart.yaml 
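Review bot: The new `value: {{ include "should-enable-container-image-collection" . | quote }}` line is only correct if that helper renders exactly `true` or `false` with no surrounding whitespace. The helper is defined outside this hunk, so this is worth confirming: an empty render would emit `""` and presumably leave the Agent on its own default again. The commit's diffstat touches no file under `test/`, so nothing pins the disabled case; a baseline rendered with `datadog.containerImageCollection.enabled: false` that shows `DD_CONTAINER_IMAGE_ENABLED` as `"false"` would keep the fix from regressing. A template comment above the entry would record why it is unconditional, e.g. `{{- /* Always set explicitly; omitting the variable leaves the Agent's own default in effect. */}}`. The `DD_SBOM_ENABLED` entry just below keeps the emit-only-when-true pattern and may deserve the same check; the env list both entries sit in starts and ends outside the hunk.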
+++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.95.0 +version: 3.96.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 53a274108..5a3df46be 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.95.0](https://img.shields.io/badge/Version-3.95.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.96.0](https://img.shields.io/badge/Version-3.96.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.62.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.63.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -608,7 +608,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.62.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.63.0"` | Cluster Agent image tag to use | | clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | @@ -664,7 +664,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.62.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.63.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 4e1e6d1dd..42197daa4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1042,7 +1042,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.62.0 + tag: 7.63.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1566,7 +1566,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.62.0 + tag: 7.63.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2075,7 +2075,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.62.0 + tag: 7.63.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 2dd74a7ad..c99a44658 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run 
diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a7d1779d2..a37a19a0f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -46,7 +46,7 @@ spec: automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 1773f7869..adab2ea3a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -46,7 +46,7 @@ spec: automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index fb7dfda80..0f62680f6 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
+++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -46,7 +46,7 @@ spec: automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent resources: {} @@ -130,7 +130,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.62.0 + value: 7.63.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 091d217e5..fcb0f3e3f 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -207,7 +207,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -315,7 +315,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -327,7 +327,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: - bash 
diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index ec12b4ed0..a6a69a261 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -188,7 +188,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -200,7 +200,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 124a4583b..10f5cf884 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -200,7 +200,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -212,7 +212,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 1c65c7ee1..7685e8bf4 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml 
@@ -853,7 +853,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -1019,7 +1019,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1127,7 +1127,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1139,7 +1139,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: - bash @@ -1284,7 +1284,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1296,7 +1296,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1309,7 +1309,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.62.0" + image: "gcr.io/datadoghq/agent:7.63.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1475,7 +1475,7 @@ spec: automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent command: - cp 
@@ -1488,7 +1488,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.62.0" + image: "gcr.io/datadoghq/cluster-agent:7.63.0" imagePullPolicy: IfNotPresent resources: {} From 1c016b94963fb5f572c8e87e76703573c8ca232d Mon Sep 17 00:00:00 2001 From: Stan Rozenraukh Date: Tue, 25 Feb 2025 18:07:51 -0500 Subject: [PATCH 24/45] Update field documentation from beta to preview (#1718) * Update field documentation from beta to preview * update readme with helm-docs.sh * bump chart version * docs after v bump --- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 12 ++++++------ charts/datadog/values.yaml | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7a5f5eeda..d89c4b098 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.96.0 +version: 3.97.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5a3df46be..427a0d598 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.96.0](https://img.shields.io/badge/Version-3.96.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.97.0](https://img.shields.io/badge/Version-3.97.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -696,12 +696,12 @@ helm install \ | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | | datadog.apm.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the trace-agent socket | -| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | -| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | -| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (preview). | +| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (preview). | +| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (preview). | | datadog.apm.instrumentation.injector.imageTag | string | `""` | The image tag to use for the APM Injector (preview). | -| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | -| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | +| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (preview). 
| +| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (preview). | | datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 42197daa4..21517fb5e 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -512,18 +512,18 @@ datadog: hostSocketPath: /var/run/datadog/ # APM Single Step Instrumentation - # This feature is in beta. It requires Cluster Agent 7.49+. + # This feature is in preview. It requires Cluster Agent 7.49+. instrumentation: - # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (beta). + # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (preview). enabled: false - # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). + # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (preview). enabledNamespaces: [] - # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). + # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (preview). disabledNamespaces: [] - # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). + # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (preview). libVersions: {} # datadog.apm.instrumentation.skipKPITelemetry -- Disable generating Configmap for APM Instrumentation KPIs 
@@ -532,7 +532,7 @@ datadog: # Language detection currently only detects languages and adds them as annotations on deployments, but doesn't use these languages for injecting libraries to applicative pods. # It requires Agent 7.52+ and Cluster Agent 7.52+ language_detection: - # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). + # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (preview). enabled: true # This feature is in preview. It requires Cluster Agent 7.57+. From 67f2ed6084fbaf264a0e4d18d4feb78d196008a6 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 26 Feb 2025 13:22:48 -0500 Subject: [PATCH 25/45] Add AllowlistSynchronizer for GKE Autopilot (#1709) * Add AllowlistSynchronizer for autopilot * newline * specify default allowlist version * workaround for CI tests * fix env vars workaround * remove allowlists option * update readme, test baselines * use lookup for determining autopilot and gke version * bump chart version and update baselines * fix helpers * bump chart version and update baselines --- charts/datadog/CHANGELOG.md | 9 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_helpers.tpl | 34 ++++++++ .../gke_autopilot_allowlist_synchronizer.yaml | 9 ++ ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 6 +- .../gdc_daemonset_logs_collection.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- 13 files changed, 123 insertions(+), 71 deletions(-) create mode 100644 charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7b80b9644..2bcbcad3e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,14 @@ # Datadog changelog +## 3.98.0 + +* Add AllowlistSynchronizer custom resource for new GKE Autopilot WorkloadAllowlists. Requires GKE version 1.32. + 1-gke.1729000 or later. + +## 3.97.0 + +* Update apm.instrumentation documentation from beta to preview. + ## 3.96.0 * Upgrade default Agent version to `7.63.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d89c4b098..a6ea9b491 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.97.0 +version: 3.98.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 427a0d598..7b1e55b78 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.97.0](https://img.shields.io/badge/Version-3.97.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.98.0](https://img.shields.io/badge/Version-3.98.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 59edaf668..d4c2bc0bf 100644 
--- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -49,6 +49,40 @@ false {{- end -}} {{- end -}} +{{/* +Check if target cluster is running GKE Autopilot. +*/}} +{{- define "is-autopilot" -}} +{{- $nodes := (lookup "v1" "Node" "" "").items }} +{{- if and $nodes (gt (len $nodes) 0) -}} +{{- $node := index $nodes 0 -}} +{{- if hasPrefix "gk3" $node.metadata.name -}} +true +{{- else -}} +false +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Check if target cluster supports GKE Autopilot WorkloadAllowlists. +*/}} +{{- define "gke-autopilot-workloadallowlists-enabled" -}} +{{- $nodes := (lookup "v1" "Node" "" "").items }} +{{- if and $nodes (gt (len $nodes) 0) -}} +{{- $node := index $nodes 0 -}} +{{- if and (eq (include "is-autopilot" .) "true") (semverCompare ">=v1.32.1-gke.1729000" $node.status.nodeInfo.kubeletVersion) -}} +true +{{- else -}} +false +{{- end }} +{{- else -}} +false +{{- end }} +{{- end }} + {{- define "agent-has-env-ad" -}} {{- if not .Values.agents.image.doNotCheckTag -}} {{- $version := (include "get-agent-version" .) -}} diff --git a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml new file mode 100644 index 000000000..013a84cc6 --- /dev/null +++ b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.providers.gke.autopilot (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true")}} +apiVersion: auto.gke.io/v1 +kind: AllowlistSynchronizer +metadata: + name: datadog-synchronizer +spec: + allowlistPaths: + - Datadog/datadog/datadog-datadog-daemonset-exemption-v1.0.1.yaml +{{- end }} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index c99a44658..f384cf618 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml 
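Review bot: Both new helpers in `_helpers.tpl` decide from `lookup "v1" "Node" "" ""`, which returns an empty result under `helm template`, a client-side `--dry-run`, or when the installing identity is not allowed to list Nodes. In those flows `is-autopilot` and `gke-autopilot-workloadallowlists-enabled` silently render `false` and the AllowlistSynchronizer is never emitted. The decision also rests on the first returned node only (its `gk3` name prefix and its `kubeletVersion`), which may not represent the whole cluster during a node upgrade. I would state this in the helper comment, e.g. `Relies on lookup: renders "false" whenever the cluster cannot be queried (helm template, dry-run, no RBAC to list nodes).`, and consider an explicit values override for rendered-offline deployments. `gke-autopilot-workloadallowlists-enabled` also repeats the node lookup that `is-autopilot` already performs, so the two could in principle look at different nodes.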
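Review bot: The exemption path `Datadog/datadog/datadog-datadog-daemonset-exemption-v1.0.1.yaml` is hard-coded under `allowlistPaths`, so the allowlist version is tied to this chart release and cannot be seen or changed from values. If a later chart change alters the agent DaemonSet's host mounts or security settings, the pinned allowlist may no longer match and the pods could be rejected; this is inferred, because the allowlist content is not on this page. I would add a comment above the entry such as `# Bump together with any change to the agent DaemonSet's hostPath volumes or securityContext.`. The object is also named `datadog-synchronizer` regardless of release name and carries none of the `helm.sh/chart` / `app.kubernetes.io/*` labels that the other rendered objects in the baselines have.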
+++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d9b3af416ecff4819b57dfe0c64429d869712b3b36f947eb85b9311a05d79192 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: ce75393cbdc42f29bc23068e7ebd685d85a9d00f6eab86c9030153d065d7c2bc + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a37a19a0f..92a0b2b28 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 771d105929d3021acd21a2f768baaf4bbe522635b4a4184bc0e995f59685b55d - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: 34148a29542217f2ac0f20b3b8be5eba4fb54f6cc59d7dc3c81f9098e32e80b5 + checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 + checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index adab2ea3a..5ea559d62 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4eed4c4ff3c9fb2e8477919438698cb7ac0b982f10a744099dd77af952b777c2 - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: f6e2f64e9a4f2f4115bef3a3abb83debde7a322cc6226606ed8e2ba84eafa597 + checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 + checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 0f62680f6..7c154b35c 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 50ce670f2c8620a094fa935fdc1b8868a9a96c7e2e79abb0b5ac70b4e382f509 - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: 576e732a32a1d08d77384a65ed64027db154c2a6254a456a75948b7de4278242 + checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 + checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcb0f3e3f..754e635d2 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 63460e3fbf5bf6ce23a5e2e71e18ca3674fe22b92bb3c666c6b2a1ebfdae397d - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 3be632e3858cae1c7ddb79bbe1f7e1ce4a1174cfb3bfeadc4cf97243b9ca20a5 + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index a6a69a261..419642780 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 7ea7ba292c47ff4bb9428c79db844d419821934dd23f00ab15178a294a24eea6 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 0b031290a5e81deca5e18515f7df9f20690264df092d7f181d3579b095025f4b + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a 
diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 10f5cf884..083fe290a 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: ecd2ba8ac890860d56ebbef729ec7282e9c0ca9d71fc1f1b4308a5bd898ea809 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 67ca9b57ce1091cf08a3a16210f0f577f88e46f63bb06bba49d72d6f310d2156 + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 7685e8bf4..3ad192455 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.98.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.98.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Z3RQU2hXVXl6RUIxUXRoMnQ3OVNwNk9PaDJHSXZ6TFk=" + token: "U3FUdGNaRjdQS25YVUh4UWpDSXJnMlYxdU01YTBDRWg=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.94.0 + installer_version: datadog-3.98.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "7ab6981b-5b1d-4490-82ec-22b25031e1ef" - install_time: "1739998016" + install_id: "56783c40-abe4-4174-8a26-48b1117749c3" + install_time: "1740589525" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -577,7 +577,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -674,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -696,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.98.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.98.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -817,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -841,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 76b7e48f3b6f5a69bd69caca36858256aecfe72ae9482cb3cff7176bfba8c1bb - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: b00bc32745e194c0e3d56bf1b877efc859958662d66bea1235dfb443734a9e2d + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1245,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1275,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: daa174eddd987c6413de2d94a6369e9241c95486be083fe1a97f1ec6a65e4040 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 0f396e3493380edb5b42f1029515a5828da6fbdcfe49486411da711abf646a3c + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true 
@@ -1437,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.98.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1467,9 +1467,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d2e4a6d1ba18dde0aec744258e2bee3527c24715f206a6eb1b14e4c216f30345 - checksum/clusteragent-configmap: 3e1d28b00f05be6ed53a01f58794b605d25fcc847c2348f7ede166ee0f2ee128 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: f32c0e89f2c62e682e618b4c8871ac2fa441b78ff20bc66d827869fdacfb591f + checksum/clusteragent-configmap: e90679097e8b5d76c5dd87ba5d86e9928120ccebe407ba1af8a551983d0842bb + checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 19ce2bcdcef0f909c6d101b4df3402422ac5819c Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 26 Feb 2025 14:42:32 -0500 Subject: [PATCH 26/45] Add minimal GKE Autopilot unit tests (#1717) * Add minimal GKE Autopilot unit tests * Enable datadog chart unit tests in CI * add required prometheus helm repo to gh job * fix make target name * assert expected volumeMounts * fix container name --- .github/workflows/go-test-datadog.yaml | 42 ++++++++ .../{go-test.yaml => go-test-operator.yaml} | 0 Makefile | 4 + test/common/common.go | 18 ++++ test/datadog/autopilot_test.go | 102 ++++++++++++++++++ test/datadog/gdc_test.go | 8 ++ test/datadog/process_agent_test.go | 16 +-- 7 files changed, 182 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/go-test-datadog.yaml rename .github/workflows/{go-test.yaml => go-test-operator.yaml} (100%) create mode 100644 test/datadog/autopilot_test.go 
diff --git a/.github/workflows/go-test-datadog.yaml b/.github/workflows/go-test-datadog.yaml new file mode 100644 index 000000000..990417e72 --- /dev/null +++ b/.github/workflows/go-test-datadog.yaml @@ -0,0 +1,42 @@ +name: Go Test Datadog +on: + push: + paths: + - 'test/datadog/**' + - 'charts/datadog/**' + pull_request: + paths: + - 'test/datadog/**' + - 'charts/datadog/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + +env: + GO111MODULE: "on" + PROJECTNAME: "helm-charts" +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Set up Go + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 + with: + go-version: 1.21 + id: go + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.14.0 + - name: Add Datadog Helm repo + run: helm repo add datadog https://helm.datadoghq.com && helm repo update + - name: Add Prometheus Community Helm repo + run: helm repo add prometheus-community https://prometheus-community.github.io/helm-charts && helm repo update + - name: Check out code into the Go module directory + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 + - name: run Go tests + run: | + helm dependency build ./charts/datadog + make unit-test-datadog diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test-operator.yaml similarity index 100% rename from .github/workflows/go-test.yaml rename to .github/workflows/go-test-operator.yaml diff --git a/Makefile b/Makefile index 493319bbe..7699b0cb1 100644 --- a/Makefile +++ b/Makefile @@ -48,6 +48,10 @@ vet: unit-test: go test -C test ./... -count=1 +.PHONY: unit-test-datadog +unit-test-datadog: + go test -C test ./datadog -count=1 + .PHONY: unit-test-operator unit-test-operator: go test -C test ./datadog-operator -count=1 diff --git a/test/common/common.go b/test/common/common.go index c060ae173..e34b481b8 100644 
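Review bot: In the new `go-test-datadog.yaml`, `go-version: 1.21` is an unquoted YAML number; it survives here, but the same pattern turns `1.20` into `1.2`, so it is safer written as `go-version: '1.21'`. Pinning the actions by commit SHA is good practice, yet the trailing comments label them `actions/setup-go` v1.1.3 and `actions/checkout` v1.2.0, which are first-major releases; it is worth confirming those SHAs are the intended ones and moving to a current major, still pinned by SHA. The job triggers on both `push` and `pull_request` for the same paths, so a branch with an open pull request runs it twice; limiting `push` to the default branch would avoid that. `id: go` is not referenced by any later step and can be dropped.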
--- a/test/common/common.go +++ b/test/common/common.go @@ -1,6 +1,7 @@ package common import ( + appsv1 "k8s.io/api/apps/v1" "os" "path/filepath" "strings" @@ -99,3 +100,20 @@ func WriteToFile(t *testing.T, filepath, content string) { err := os.WriteFile(filepath, []byte(content), 0644) require.NoError(t, err, "can't update manifest", "path", filepath) } + +func GetVolumeNames(ds appsv1.DaemonSet) []string { + volumeNames := []string{} + for _, volume := range ds.Spec.Template.Spec.Volumes { + volumeNames = append(volumeNames, volume.Name) + } + return volumeNames +} + +func Contains(str string, list []string) bool { + for _, s := range list { + if s == str { + return true + } + } + return false +} diff --git a/test/datadog/autopilot_test.go b/test/datadog/autopilot_test.go new file mode 100644 index 000000000..3a7abade6 --- /dev/null +++ b/test/datadog/autopilot_test.go 
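Review bot: The exported helpers `GetVolumeNames` and `Contains` are added without doc comments, and `Contains(str, list)` takes the needle first, the reverse of the standard library's `slices.Contains(list, str)`, which makes call sites easy to misread. Suggested comments are `// GetVolumeNames returns the names of all volumes declared in the DaemonSet's pod spec.` and `// Contains reports whether str is an element of list.`. If the module's Go version allows it (the CI job in this series installs Go 1.21), `slices.Contains` could replace the hand-written loop. In the first hunk the `appsv1 "k8s.io/api/apps/v1"` import is placed above `"os"`; the import block continues outside the hunk, but conventional grouping would put it with the other third-party packages.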
@@ -0,0 +1,102 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +var allowedAutopilotHostPaths = map[string]interface{}{ + "/var/log/pods": nil, + "/var/log/containers": nil, + "/var/autopilot/addon/datadog/logs": nil, + "/var/lib/docker/containers": nil, + "/proc": nil, + "/sys/fs/cgroup": nil, + "/etc/passwd": nil, + "/var/run/containerd": nil, +} + +func Test_autopilotConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.autopilot": "true", + }, + }, + assertions: verifyDaemonsetAutopilotMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetAutopilotMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + processAgentContainer := &corev1.Container{} + + assert.Equal(t, 2, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } else if container.Name == "process-agent" { + processAgentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + assert.NotNil(t, processAgentContainer) + + var validHostPath = true + for _, volume := range 
ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + _, validHostPath = allowedAutopilotHostPaths[volume.HostPath.Path] + assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) + } + } + + volumeNames := common.GetVolumeNames(ds) + for _, container := range ds.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + assert.True(t, common.Contains(volumeMount.Name, volumeNames), + fmt.Sprintf("Found unexpected volumeMount `%s` in container `%s`", volumeMount.Name, container.Name)) + } + } + + validPorts := true + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } + } + } + } + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") +} diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index b8b2ecf98..b68ac2a4a 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -75,6 +75,14 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { } } + volumeNames := common.GetVolumeNames(ds) + for _, container := range ds.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + assert.True(t, common.Contains(volumeMount.Name, volumeNames), + fmt.Sprintf("Found unexpected volumeMount `%s` in container `%s`", volumeMount.Name, container.Name)) + } + } + validPorts := true for _, container := range ds.Spec.Template.Spec.Containers { if container.Ports != nil { diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 10946f82d..9f1e986d7 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go 
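Review bot: In `verifyDaemonsetAutopilotMinimal`, `agentContainer` and `processAgentContainer` are initialised to `&corev1.Container{}`, so the two `assert.NotNil` calls pass even when no container named `agent` or `process-agent` exists. Inside the loop `&container` takes the address of the range variable, which under the Go 1.21 toolchain installed by this series' CI job is a single variable shared by all iterations, so both pointers would refer to the same copy. Declaring `var agentContainer, processAgentContainer *corev1.Container` and assigning `&ds.Spec.Template.Spec.Containers[i]` from an index loop makes the assertions meaningful. Separately, the volumeMount loop only checks that each mount names a declared volume; whether a host path is permitted is enforced solely by the `allowedAutopilotHostPaths` check on volumes, which is worth stating in a comment above that map.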
@@ -179,10 +179,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.tag": "7.52.0", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -195,10 +195,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", }, }, assertions: verifyLinuxRunInCoreAgentOld, From 643aedf8cd8b400cf8f15da9cf698873e92e9064 Mon Sep 17 00:00:00 2001 
From: Adel Haj Hassan <41540817+adel121@users.noreply.github.com> Date: Thu, 27 Feb 2025 15:09:27 +0100 Subject: [PATCH 27/45] [CONTP-679] Fix bug in dca rbac generation for annotations and labels as tags: use deepcopy before merging (#1719) * Fix bug in dca rbac generation for annotations and labels as tags: use deepcopy of dicts when merging * bump chart version and add changelog * update chart version everywhere --- charts/datadog/CHANGELOG.md | 32 +- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/cluster-agent-rbac.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 266 +- .../cluster-agent-deployment_default.yaml | 406 ++- ...loyment_default_advanced_AC_injection.yaml | 434 ++-- ...ployment_default_minimal_AC_injection.yaml | 426 ++-- test/datadog/baseline/daemonset_default.yaml | 740 +++--- .../baseline/gdc_daemonset_default.yaml | 449 ++-- .../gdc_daemonset_logs_collection.yaml | 491 ++-- test/datadog/baseline/other_default.yaml | 2182 ++++++++--------- 12 files changed, 2693 insertions(+), 2739 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 2bcbcad3e..41e98cd3d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,13 +1,17 @@ # Datadog changelog +## 3.98.1 + +* Fixes bug that causes `DD_KUBERNETES_ANNOTATIONS_AS_TAGS` env var to be incorrectly set to the merged value of `.Values.datadog.kubernetesResourcesLabelsAsTags` and `.Values.datadog.kubernetesResourcesAnnotationsAsTags`. + ## 3.98.0 * Add AllowlistSynchronizer custom resource for new GKE Autopilot WorkloadAllowlists. Requires GKE version 1.32. - 1-gke.1729000 or later. + 1-gke.1729000 or later. ## 3.97.0 -* Update apm.instrumentation documentation from beta to preview. +* Update apm.instrumentation documentation from beta to preview. ## 3.96.0 
@@ -1564,7 +1568,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 2.30.3 * Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection - See + See [https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation](https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation) This new option requires an agent 7.32+. ## 2.30.2 @@ -2062,7 +2066,7 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.11.6 * Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. -Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. + Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. ## 2.11.5 @@ -2419,7 +2423,7 @@ Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocket ## 2.4.23 * Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment -variables, instead of passing one by one. + variables, instead of passing one by one. ## 2.4.22 
@@ -2440,11 +2444,11 @@ variables, instead of passing one by one. * `agents.networkPolicy.create` * `clusterAgent.networkPolicy.create` * `clusterChecksRunner.networkPolicy.create` - The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. - In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted - by IP but the datadog intake IP cannot be guaranteed to be stable. - The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations - that can be dynamically added to them. + The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. + In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted + by IP but the datadog intake IP cannot be guaranteed to be stable. + The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations + that can be dynamically added to them. ## 2.4.18 @@ -2714,7 +2718,7 @@ variables, instead of passing one by one. ## 2.2.11 * Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: + requested changes in the IBM charts repository: [https://github.com/IBM/charts/pull/690#discussion_r411702458](https://github.com/IBM/charts/pull/690#discussion_r411702458) * update `kube-state-metrics` dependency * uncomment every values.yaml parameters for IBM chart compliancy @@ -2774,7 +2778,7 @@ variables, instead of passing one by one. ## 2.1.2 * Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt -config to this environment variable. + config to this environment variable. ## 2.1.1 
@@ -2793,13 +2797,13 @@ config to this environment variable. * Fix `system-probe` startup on latest versions of containerd. Here is the error that this change fixes: - ``` State: Waiting + ```State: Reason: CrashLoopBackOff Last State: Terminated Reason: StartError Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown Exit Code: 128 - ``` + ``` ## 2.0.11 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a6ea9b491..9f8996383 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.98.0 +version: 3.98.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7b1e55b78..e2ba71f3b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.98.0](https://img.shields.io/badge/Version-3.98.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.98.1](https://img.shields.io/badge/Version-3.98.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 29ab56553..773363f1f 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -518,7 +518,7 @@ metadata: namespace: {{ .Release.Namespace }} {{- $groupedResources := dict }} -{{- $mergedResources := mergeOverwrite dict (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- $mergedResources := mergeOverwrite (deepCopy (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags)) (deepCopy (default dict .Values.datadog.kubernetesResourcesLabelsAsTags))}} {{- range $resource, $labels := $mergedResources }} {{- $parts := splitList "." $resource }} {{- $apiGroup := "" }} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f384cf618..ade6ff696 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: checksum/clusteragent_token: ce75393cbdc42f29bc23068e7ebd685d85a9d00f6eab86c9030153d065d7c2bc 
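Review bot: The rewritten `$mergedResources` assignment has no comment saying why both operands are wrapped in `deepCopy`, so a later cleanup could drop the wrappers and bring the bug back. Sprig's merge functions deep-merge but do not deep-copy, so nested maps stay shared with the `.Values` dicts, which matches the changelog's description of `DD_KUBERNETES_ANNOTATIONS_AS_TAGS` picking up the merged value. I would add above the line `{{- /* deepCopy both inputs: mergeOverwrite shares nested maps with its arguments, so merging without a copy writes labels into .Values */ -}}`. The diffstat lists only baseline refreshes, so a test that sets both `kubernetesResourcesLabelsAsTags` and `kubernetesResourcesAnnotationsAsTags` and checks the rendered env var and RBAC rules appears to be missing. The template block continues outside this hunk.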
@@ -41,136 +41,130 @@ spec: spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true - imagePullSecrets: - [] + imagePullSecrets: [] initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: {} containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - command: ["bash", "-c"] - args: - - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent - env: - - - name: KUBERNETES - value: "yes" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_LOG_LEVEL - value: "INFO" - - name: 
DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5557" - # Cluster checks (cluster-agent communication) - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + command: ["bash", "-c"] + args: + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + - name: KUBERNETES + value: "yes" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DD_CLC_RUNNER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - resources: - {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - 
mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + resources: {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 
+ periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 volumes: - name: installinfo configMap: @@ -182,11 +176,11 @@ spec: # for better checks stability in case of node failure. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 92a0b2b28..046ece91e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: 34148a29542217f2ac0f20b3b8be5eba4fb54f6cc59d7dc3c81f9098e32e80b5 
@@ -45,197 +45,195 @@ spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - 
- name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - 
key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + resources: {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: 
"true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + 
value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent volumes: - name: datadogrun emptyDir: {} 
@@ -250,10 +248,10 @@ spec: configMap: name: datadog-cluster-agent-confd items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: @@ -261,11 +259,11 @@ spec: # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 5ea559d62..97a862e8f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 
@@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: f6e2f64e9a4f2f4115bef3a3abb83debde7a322cc6226606ed8e2ba84eafa597 
@@ -45,211 +45,209 @@ spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - 
- name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.52.0 - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS - value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES - value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: 
token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent + - name: cluster-agent + image: 
"gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + resources: {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.52.0 + - name: 
DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: 
datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent volumes: - name: datadogrun emptyDir: {} @@ -264,10 +262,10 @@ spec: configMap: name: datadog-cluster-agent-confd items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: 
@@ -275,11 +273,11 @@ spec: # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 7c154b35c..c06487dec 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: 576e732a32a1d08d77384a65ed64027db154c2a6254a456a75948b7de4278242 
@@ -45,207 +45,205 @@ spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - 
- name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER - value: fargate - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.63.0 - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" 
- - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + resources: {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - 
name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.63.0 + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: 
DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - 
name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent volumes: - name: datadogrun emptyDir: {} @@ -260,10 +258,10 @@ spec: configMap: name: datadog-cluster-agent-confd items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: @@ -271,11 +269,11 @@ spec: # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 754e635d2..d086fac38 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: 
@@ -27,7 +27,7 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: checksum/clusteragent_token: 3be632e3858cae1c7ddb79bbe1f7e1ce4a1174cfb3bfeadc4cf97243b9ca20a5 
@@ -36,387 +36,379 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: runAsUser: 0 hostPID: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "true" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: 
+ name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: 
DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: - {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: 
DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: 
/etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + 
secretKeyRef: name: datadog-cluster-agent key: token - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: 
datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: 
/host/var/run - mountPropagation: None - readOnly: true - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: 
DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: {} volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir tolerations: - affinity: - {} + affinity: {} serviceAccountName: "datadog" automountServiceAccountToken: true nodeSelector: @@ -424,4 +416,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file + type: RollingUpdate diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 419642780..fa8caea7a 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,240 +36,233 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: runAsUser: 0 containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: 
"datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" 
- volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - - name: kubelet-cert-volume - mountPath: /certs - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write 
logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: 
DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + 
value: gke-gdc + resources: {} volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - secret: - secretName: datadog-kubelet-cert - name: kubelet-cert-volume + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume tolerations: - affinity: - {} + affinity: {} serviceAccountName: "datadog" automountServiceAccountToken: true nodeSelector: @@ -277,4 +270,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file + type: RollingUpdate diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 083fe290a..7319c767d 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,261 +36,254 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: runAsUser: 0 containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: 
"datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "true" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "true" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "true" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - 
volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - - name: pointerdir - mountPath: /opt/datadog-agent/run - mountPropagation: None - readOnly: false # Need RW for logs pointer - - name: logpodpath - mountPath: /var/log/pods - mountPropagation: None - readOnly: true - - name: logscontainerspath - mountPath: /var/log/containers - mountPropagation: None - readOnly: true - - name: kubelet-cert-volume - mountPath: /certs - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: 
"true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: 
"gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: 
/etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: {} volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /var/datadog/logs - name: pointerdir - - hostPath: - path: /var/log/pods - name: logpodpath - - hostPath: - path: /var/log/containers - name: logscontainerspath - - secret: - secretName: datadog-kubelet-cert - name: kubelet-cert-volume + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume tolerations: - affinity: - {} + affinity: {} serviceAccountName: "datadog" automountServiceAccountToken: true nodeSelector: @@ -298,4 +291,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file + type: RollingUpdate 
diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 3ad192455..7037a8e28 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.98.0" + chart: "datadog-3.98.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.98.0" + chart: "datadog-3.98.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -92,7 +92,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,7 +149,7 @@ data: {} annotations_as_tags: {} - + kubernetes_apiserver.yaml: |- init_config: instances: @@ -164,7 +164,7 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -177,7 +177,7 @@ data: install_method: tool: helm tool_version: Helm - installer_version: datadog-3.98.0 + installer_version: datadog-3.98.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,7 +186,7 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -201,320 +201,320 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" name: datadog-cluster-agent rules: -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - - nodes - - namespaces - - componentstatuses - - limitranges - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "discovery.k8s.io" - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -- apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - - datadogtoken # Kept for backward compatibility with agent <7.37.0 - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token - - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 - verbs: - - get - - update -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - resourceNames: - - datadog-leader-election # Leader election token - verbs: - - get - - update -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - verbs: - - create -- apiGroups: # To create the leader election token and hpa events - - "" - resources: - - configmaps - - events - verbs: - - create -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -- apiGroups: # to get the kube-system namespace UID and generate a cluster ID - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get -- apiGroups: # To create the 
cluster-id configmap - - "" - resources: - - configmaps - resourceNames: - - "datadog-cluster-id" - verbs: - - create - - get - - update -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - - serviceaccounts - verbs: - - list - - get - - watch -- apiGroups: - - "apps" - resources: - - deployments - - replicasets - - daemonsets - - statefulsets - verbs: - - list - - get - - watch -- apiGroups: - - "batch" - resources: - - cronjobs - - jobs - verbs: - - list - - get - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - list - - get - - watch -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - roles - - rolebindings - - clusterroles - - clusterrolebindings - verbs: - - list - - get - - watch -- apiGroups: - - "storage.k8s.io" - resources: - - storageclasses - verbs: - - list - - get - - watch -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - list - - get - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - get - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - resourceNames: - - "datadog-webhook" - verbs: ["get", "list", "watch", "update", "delete"] -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: ["create"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] - verbs: ["get"] -- apiGroups: - - "security.openshift.io" - resources: - - securitycontextconstraints - verbs: - - use - resourceNames: - - datadog-cluster-agent - - hostnetwork + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - 
get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - "autoscaling" + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadogtoken # Kubernetes event collection state + - datadogtoken # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadog-leader-election # Leader election token + - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update + - apiGroups: + - "coordination.k8s.io" + resources: + - leases + resourceNames: + - datadog-leader-election # Leader election token + verbs: + - get + - update + - apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create + - apiGroups: # To create the leader election token and hpa events + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - "/version" + - "/healthz" + verbs: + - get + - apiGroups: # to get the kube-system namespace UID and generate a cluster ID + - "" + resources: + - namespaces + resourceNames: + - "kube-system" + verbs: + - get + - apiGroups: # To create the cluster-id configmap + - "" + resources: + - configmaps + resourceNames: + - "datadog-cluster-id" + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - "apps" + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - "batch" + resources: + - cronjobs + - jobs 
+ verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + resourceNames: + - "datadog-webhook" + verbs: ["get", "list", "watch", "update", "delete"] + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: ["create"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] + verbs: ["get"] + - apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog-cluster-agent + - hostnetwork --- # Source: datadog/templates/kube-state-metrics-core-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" name: datadog-ksm-core rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints 
- - events - verbs: - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch -- apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch 
--- # Source: datadog/templates/rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" 
@@ -522,62 +522,62 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" rules: -- nonResourceURLs: - - "/metrics" - - "/metrics/slis" - verbs: - - get -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/spec - - nodes/proxy - - nodes/stats - verbs: - - get -- apiGroups: # leader election check - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - "security.openshift.io" - resources: - - securitycontextconstraints - verbs: - - use - resourceNames: - - datadog - - hostaccess - - privileged -- apiGroups: # leader election check - - "coordination.k8s.io" - resources: - - leases - verbs: - - get -- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics - - "metrics.eks.amazonaws.com" - resources: - - kcm/metrics - - ksh/metrics - verbs: - - get + - nonResourceURLs: + - "/metrics" + - "/metrics/slis" + verbs: + - get + - apiGroups: # Kubelet connectivity + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: # leader election check + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog + - hostaccess + - privileged + - apiGroups: # leader election check + - "coordination.k8s.io" + resources: + - leases + verbs: + - get + - apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- # Source: datadog/templates/agent-clusterchecks-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" 
app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -665,16 +665,16 @@ metadata: name: datadog-cluster-agent-main namespace: datadog-agent rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "update", "create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update", "create"] --- # Source: datadog/templates/dca-helm-values-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -682,21 +682,21 @@ metadata: name: datadog-dca-flare namespace: datadog-agent rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -750,9 +750,9 @@ spec: selector: app: datadog-cluster-agent ports: - - port: 5005 - name: agentport - protocol: TCP + - port: 5005 + name: agentport + protocol: TCP --- # Source: datadog/templates/agent-services.yaml apiVersion: v1 @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.98.0" + chart: "datadog-3.98.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -774,10 +774,10 @@ spec: selector: app: datadog-cluster-agent ports: - - port: 443 - targetPort: 8000 - name: datadog-webhook - protocol: TCP + - port: 443 + targetPort: 8000 + name: datadog-webhook + protocol: TCP --- # Source: datadog/templates/agent-services.yaml apiVersion: v1 
@@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.98.0" + chart: "datadog-3.98.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,13 +817,13 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: @@ -838,7 +838,7 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: checksum/clusteragent_token: b00bc32745e194c0e3d56bf1b877efc859958662d66bea1235dfb443734a9e2d 
@@ -847,388 +847,380 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: runAsUser: 0 hostPID: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "true" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + 
secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: 
DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: - {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: 
DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "endpointschecks" + + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: 
/etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + 
secretKeyRef: name: datadog-cluster-agent key: token - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: 
datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: 
/host/var/run - mountPropagation: None - readOnly: true - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: 
DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: {} volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir tolerations: - affinity: - {} + affinity: {} serviceAccountName: "datadog" automountServiceAccountToken: true nodeSelector: @@ -1245,13 +1237,13 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 
@@ -1272,7 +1264,7 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: checksum/clusteragent_token: 0f396e3493380edb5b42f1029515a5828da6fbdcfe49486411da711abf646a3c 
@@ -1280,136 +1272,130 @@ spec: spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true - imagePullSecrets: - [] + imagePullSecrets: [] initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: - {} + - name: init-volume + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.63.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: {} containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - command: ["bash", "-c"] - args: - - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent - env: - - - name: KUBERNETES - value: "yes" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_LOG_LEVEL - value: "INFO" - - name: 
DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5557" - # Cluster checks (cluster-agent communication) - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: + - name: agent + image: "gcr.io/datadoghq/agent:7.63.0" + command: ["bash", "-c"] + args: + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + - name: KUBERNETES + value: "yes" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: name: datadog-cluster-agent key: token - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DD_CLC_RUNNER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - resources: - {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - 
mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + resources: {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 
+ periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 volumes: - name: installinfo configMap: @@ -1421,12 +1407,12 @@ spec: # for better checks stability in case of node failure. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname nodeSelector: kubernetes.io/os: linux --- @@ -1437,13 +1423,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.98.0' + helm.sh/chart: "datadog-3.98.1" app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -1464,7 +1450,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: f32c0e89f2c62e682e618b4c8871ac2fa441b78ff20bc66d827869fdacfb591f 
@@ -1474,199 +1460,197 @@ spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: 
datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_DURATION - value: "15" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - 
configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.63.0" + imagePullPolicy: IfNotPresent + resources: {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" 
+ - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_DURATION + value: "15" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: 
DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent volumes: - name: datadogrun emptyDir: {} 
@@ -1681,10 +1665,10 @@ spec: configMap: name: datadog-cluster-agent-confd items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: @@ -1692,11 +1676,11 @@ spec: # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux From 3edc105f18d90a1a5e854101ec7751c280ced655 Mon Sep 17 00:00:00 2001 
From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 27 Feb 2025 14:32:49 -0500 Subject: [PATCH 28/45] Filter dynamic fields in datadog chart baseline tests (#1721) * Reformat baselines * Add dynamic key filtering to datadog chart baseline tests * run pr-validated PR on test changes * workflow name --- .github/workflows/no-ci.yaml | 3 +- test/common/common.go | 60 +- ...gent-clusterchecks-deployment_default.yaml | 163 +- .../cluster-agent-deployment_default.yaml | 206 ++- ...loyment_default_advanced_AC_injection.yaml | 206 ++- ...ployment_default_minimal_AC_injection.yaml | 206 ++- test/datadog/baseline/daemonset_default.yaml | 346 ++--- test/datadog/baseline/default_all.yaml | 1361 +++++++++++++++++ .../baseline/gdc_daemonset_default.yaml | 194 ++- .../gdc_daemonset_logs_collection.yaml | 218 ++- test/datadog/baseline/other_default.yaml | 1171 +++++++------- test/datadog/baseline_test.go | 51 +- 12 files changed, 2742 insertions(+), 1443 deletions(-) create mode 100644 test/datadog/baseline/default_all.yaml diff --git a/.github/workflows/no-ci.yaml b/.github/workflows/no-ci.yaml index f7224dd5d..79b8089bf 100644 --- a/.github/workflows/no-ci.yaml +++ b/.github/workflows/no-ci.yaml @@ -1,9 +1,8 @@ -name: No lint and test needed +name: No chart lint and test needed on: pull_request: paths-ignore: - 'charts/**' - - 'test/**' jobs: pr-validated: name: pr-validated diff --git a/test/common/common.go b/test/common/common.go index e34b481b8..8c71d242d 100644 --- a/test/common/common.go +++ b/test/common/common.go @@ -1,7 +1,9 @@ package common import ( - appsv1 "k8s.io/api/apps/v1" + "bytes" + "fmt" + "io" "os" "path/filepath" "strings" @@ -11,6 +13,9 @@ import ( "github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/random" "github.com/stretchr/testify/require" + yaml "gopkg.in/yaml.v3" + appsv1 "k8s.io/api/apps/v1" + yaml2 "k8s.io/apimachinery/pkg/util/yaml" ) type HelmCommand struct { 
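Review bot: With `- 'test/**'` dropped from `paths-ignore` in `.github/workflows/no-ci.yaml`, a PR that changes only `test/**` now triggers this workflow and receives its `pr-validated` result. The job's steps lie outside the hunk, so whether it runs anything is not visible here. If `pr-validated` is the required status check, test-only changes (including the baselines and the key filter added in this commit) pass the gate unless the Go tests are enforced by a separate required check; that is worth confirming. A comment above the list would record the intent, for example `# test/** is intentionally not ignored: test-only PRs are validated by the Go test workflow, not by chart lint`.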
@@ -117,3 +122,56 @@ func Contains(str string, list []string) bool { } return false } + +// Takes multi-document YAML and filter out keys from each document. +func FilterYamlKeysMultiManifest(manifest string, filterKeys map[string]interface{}) (string, error) { + reader := strings.NewReader(manifest) + decoder := yaml2.NewYAMLOrJSONDecoder(reader, 4096) + builder := strings.Builder{} + for { + var obj map[string]interface{} + // We read the next YAML document from the input stream until we reach EOF. + // This is needed if Helm rendering contains multiple resource manifests. + err := decoder.Decode(&obj) + if err == io.EOF { + break + } + if err != nil { + return "", fmt.Errorf("couldn't decode manifest for filtering dynamic keys: %s", err) + } + + filterKeysRecursive(&obj, filterKeys) + + var buf bytes.Buffer + enc := yaml.NewEncoder(&buf) + enc.SetIndent(2) // Adjust indentation (default is 4) + err = enc.Encode(obj) + if err != nil { + return "", fmt.Errorf("couldn't encode manifest after filtering: %s", err) + } + + err = enc.Close() + if err != nil { + return "", fmt.Errorf("couldn't close encoder: %s", err) + } + + output := buf.String() + _, err = builder.WriteString(output) + if err != nil { + return "", fmt.Errorf("couldn't write manifest string in builder: %s", err) + } + builder.WriteString("---\n") + } + return builder.String(), nil +} + +func filterKeysRecursive(yamlMap *map[string]interface{}, keys map[string]interface{}) { + for yamlKey := range *yamlMap { + if _, found := keys[yamlKey]; found { + // fmt.Println("deleting key", yamlKey) + delete(*yamlMap, yamlKey) + } else if nested, ok := (*yamlMap)[yamlKey].(map[string]interface{}); ok { + filterKeysRecursive(&nested, keys) + } + } +} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index ade6ff696..eb57aace4 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml 
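Review bot: `filterKeysRecursive` descends only into values of type `map[string]interface{}`, so a filtered key that sits inside a list element (for example under `containers`, `env` or `volumes` in these manifests) is never removed. Which keys `baseline_test.go` passes is not visible in this hunk, so this may not bite with the current filter set, but the doc comment on `FilterYamlKeysMultiManifest` promises filtering for each whole document. Matching on the bare key name at every depth also drops any unrelated field that happens to share that name, which can hide a real change in a baseline; a short comment stating that behaviour would help the next reader. The sketch below walks `[]interface{}` values as well and keeps the existing signature.

```go
// … unchanged: FilterYamlKeysMultiManifest …

func filterKeysRecursive(yamlMap *map[string]interface{}, keys map[string]interface{}) {
	for yamlKey, value := range *yamlMap {
		if _, found := keys[yamlKey]; found {
			delete(*yamlMap, yamlKey)
			continue
		}
		filterValue(value, keys)
	}
}

// filterValue applies the key filter to nested maps and to every element of a list.
func filterValue(value interface{}, keys map[string]interface{}) {
	switch typed := value.(type) {
	case map[string]interface{}:
		filterKeysRecursive(&typed, keys)
	case []interface{}:
		for _, item := range typed {
			filterValue(item, keys)
		}
	}
}
```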
+++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml 
@@ -1,92 +1,67 @@ ---- -# Source: datadog/templates/agent-clusterchecks-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-clusterchecks - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: clusterchecks-agent - + name: datadog-clusterchecks + namespace: datadog-agent spec: replicas: 2 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-clusterchecks strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-clusterchecks template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-clusterchecks - annotations: - checksum/clusteragent_token: ce75393cbdc42f29bc23068e7ebd685d85a9d00f6eab86c9030153d065d7c2bc - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-checks + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - imagePullSecrets: [] - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r 
/etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: {} containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - command: ["bash", "-c"] - args: + - args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent + command: + - bash + - -c env: - name: KUBERNETES value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" + value: clusterchecks - name: DD_HEALTH_PORT value: "5557" - # Cluster checks (cluster-agent communication) - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -94,12 +69,10 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token - # Safely run alongside the daemonset + name: datadog-cluster-agent - name: DD_ENABLE_METADATA_COLLECTION value: "false" - # Expose CLC stats - name: DD_CLC_RUNNER_ENABLED value: "true" - name: DD_CLC_RUNNER_HOST @@ -110,7 +83,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - # Remove unused features - name: DD_USE_DOGSTATSD value: "false" - name: DD_PROCESS_AGENT_ENABLED 
@@ -125,16 +97,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - resources: {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -145,6 +109,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent readinessProbe: failureThreshold: 6 httpGet: @@ -155,6 +120,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -165,22 +131,49 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - volumes: - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the runners on different nodes if possible - # for better checks stability in case of node failure. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname + volumeMounts: + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /etc/datadog-agent + name: config + readOnly: false + imagePullSecrets: [] + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false nodeSelector: kubernetes.io/os: linux + serviceAccountName: datadog-cluster-checks + volumes: + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 046ece91e..ebb4f8a6c 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
@@ -1,78 +1,49 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - + name: datadog-cluster-agent + namespace: datadog-agent spec: replicas: 1 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 34148a29542217f2ac0f20b3b8be5eba4fb54f6cc59d7dc3c81f9098e32e80b5 - checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 - checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-agent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: 
kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: + - env: - name: DD_POD_NAME valueFrom: fieldRef: @@ -86,10 +57,9 @@ spec: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog" key: api-key + name: datadog optional: true - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -103,7 +73,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" + value: datadog-webhook - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME 
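Review bot: This golden file can no longer catch a template change that drops `checksum/api_key` or `checksum/clusteragent_token`, because the new side replaces the pod-template `checksum/*` annotations with `annotations: {}`. In Helm charts those annotations are typically what forces a rollout when the referenced Secret or ConfigMap changes, so losing one could leave pods running with a stale key or token. On the old side only `checksum/clusteragent_token` differs between the three cluster-agent baselines, which suggests the values rather than the keys are what is unstable. I would keep the keys and mask the values in the normalisation step, e.g. `checksum/api_key: "<masked>"` (placeholder value), instead of removing the block. The same applies to the matching hunks of `cluster-agent-deployment_default_advanced_AC_injection.yaml`, `cluster-agent-deployment_default_minimal_AC_injection.yaml` and `daemonset_default.yaml`; the normalisation step itself is not visible in this diff.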
@@ -113,26 +83,25 @@ spec: - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" + value: Ignore - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - + value: gcr.io/datadoghq - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED value: "true" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_LEADER_ELECTION value: "true" - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" + value: configmap - name: DD_LEADER_LEASE_NAME value: datadog-leader-election - name: DD_CLUSTER_AGENT_TOKEN_NAME @@ -148,14 +117,14 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS value: "false" - name: DD_KUBE_RESOURCES_NAMESPACE value: datadog-agent - name: CHART_RELEASE_NAME - value: "datadog" + value: datadog - name: AGENT_DAEMONSET value: datadog - name: CLUSTER_AGENT_DEPLOYMENT 
@@ -169,19 +138,20 @@ spec: - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type - + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -192,6 +162,17 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP readinessProbe: failureThreshold: 6 httpGet: @@ -202,6 +183,10 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true startupProbe: failureThreshold: 6 httpGet: 
@@ -212,58 +197,59 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run + - mountPath: /opt/datadog-agent/run + name: datadogrun readOnly: false - - name: varlog - mountPath: /var/log/datadog + - mountPath: /var/log/datadog + name: varlog readOnly: false - - name: tmpdir - mountPath: /tmp + - mountPath: /tmp + name: tmpdir readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info + - mountPath: /etc/datadog-agent/install_info + name: installinfo readOnly: true - - name: confd - mountPath: /conf.d + subPath: install_info + - mountPath: /conf.d + name: confd readOnly: true - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd + name: installinfo + - configMap: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 97a862e8f..5ec163755 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml 
@@ -1,78 +1,49 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - + name: datadog-cluster-agent + namespace: datadog-agent spec: replicas: 1 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: f6e2f64e9a4f2f4115bef3a3abb83debde7a322cc6226606ed8e2ba84eafa597 - checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 - checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-agent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: 
kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: + - env: - name: DD_POD_NAME valueFrom: fieldRef: @@ -86,10 +57,9 @@ spec: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog" key: api-key + name: datadog optional: true - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -103,7 +73,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" + value: datadog-webhook - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME @@ -113,12 +83,11 @@ spec: - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" + value: Ignore - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - + value: gcr.io/datadoghq - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED 
@@ -138,15 +107,15 @@ spec: - name: DD_CLUSTER_CHECKS_ENABLED value: "true" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_LEADER_ELECTION value: "true" - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" + value: configmap - name: DD_LEADER_LEASE_NAME value: datadog-leader-election - name: DD_CLUSTER_AGENT_TOKEN_NAME @@ -162,14 +131,14 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS value: "false" - name: DD_KUBE_RESOURCES_NAMESPACE value: datadog-agent - name: CHART_RELEASE_NAME - value: "datadog" + value: datadog - name: AGENT_DAEMONSET value: datadog - name: CLUSTER_AGENT_DEPLOYMENT @@ -183,19 +152,20 @@ spec: - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type - + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -206,6 +176,17 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP readinessProbe: failureThreshold: 6 httpGet: 
@@ -216,6 +197,10 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true startupProbe: failureThreshold: 6 httpGet: 
@@ -226,58 +211,59 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run + - mountPath: /opt/datadog-agent/run + name: datadogrun readOnly: false - - name: varlog - mountPath: /var/log/datadog + - mountPath: /var/log/datadog + name: varlog readOnly: false - - name: tmpdir - mountPath: /tmp + - mountPath: /tmp + name: tmpdir readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info + - mountPath: /etc/datadog-agent/install_info + name: installinfo readOnly: true - - name: confd - mountPath: /conf.d + subPath: install_info + - mountPath: /conf.d + name: confd readOnly: true - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd + name: installinfo + - configMap: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index c06487dec..36200578f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -1,78 +1,49 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - + name: datadog-cluster-agent + namespace: datadog-agent spec: replicas: 1 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 576e732a32a1d08d77384a65ed64027db154c2a6254a456a75948b7de4278242 - checksum/clusteragent-configmap: 23aba2cccbdf1563326d25166e91751298fdd7d6d2d545db2c9402170d19a8a8 - checksum/api_key: 0ad0c720629ae13ef081208d24bd515121f08686f472fd690fdce6e482fd6be9 - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-agent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: 
kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: + - env: - name: DD_POD_NAME valueFrom: fieldRef: @@ -86,10 +57,9 @@ spec: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog" key: api-key + name: datadog optional: true - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -103,7 +73,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" + value: datadog-webhook - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME @@ -113,12 +83,11 @@ spec: - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" + value: Ignore - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - + value: gcr.io/datadoghq - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED 
@@ -134,15 +103,15 @@ spec: - name: DD_CLUSTER_CHECKS_ENABLED value: "true" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_LEADER_ELECTION value: "true" - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" + value: configmap - name: DD_LEADER_LEASE_NAME value: datadog-leader-election - name: DD_CLUSTER_AGENT_TOKEN_NAME @@ -158,14 +127,14 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS value: "false" - name: DD_KUBE_RESOURCES_NAMESPACE value: datadog-agent - name: CHART_RELEASE_NAME - value: "datadog" + value: datadog - name: AGENT_DAEMONSET value: datadog - name: CLUSTER_AGENT_DEPLOYMENT @@ -179,19 +148,20 @@ spec: - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type - + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -202,6 +172,17 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP readinessProbe: failureThreshold: 6 httpGet: 
@@ -212,6 +193,10 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true startupProbe: failureThreshold: 6 httpGet: 
@@ -222,58 +207,59 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run + - mountPath: /opt/datadog-agent/run + name: datadogrun readOnly: false - - name: varlog - mountPath: /var/log/datadog + - mountPath: /var/log/datadog + name: varlog readOnly: false - - name: tmpdir - mountPath: /tmp + - mountPath: /tmp + name: tmpdir readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info + - mountPath: /etc/datadog-agent/install_info + name: installinfo readOnly: true - - name: confd - mountPath: /conf.d + subPath: install_info + - mountPath: /conf.d + name: confd readOnly: true - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd + name: installinfo + - configMap: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index d086fac38..b7b0481de 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -1,18 +1,14 @@ ---- -# Source: datadog/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: - name: datadog - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - + name: datadog + namespace: datadog-agent spec: revisionHistoryLimit: 10 selector: 
@@ -20,47 +16,32 @@ spec: app: datadog template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog - annotations: - checksum/clusteragent_token: 3be632e3858cae1c7ddb79bbe1f7e1ce4a1174cfb3bfeadc4cf97243b9ca20a5 - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: - runAsUser: 0 - hostPID: true + affinity: {} + automountServiceAccountToken: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP + - command: + - agent + - run env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -73,7 +54,6 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -85,13 +65,13 @@ spec: - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "true" - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_DOGSTATSD_PORT value: "8125" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" + value: low - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -99,8 +79,8 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_APM_ENABLED value: "true" - name: DD_LOGS_ENABLED @@ -114,11 +94,11 @@ spec: - name: DD_HEALTH_PORT value: "5555" - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" + value: /var/run/datadog/dsd.socket - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" + value: clusterchecks endpointschecks - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" + value: kubernetes_state - name: DD_CONTAINER_LIFECYCLE_ENABLED value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED 
@@ -131,47 +111,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -182,6 +123,11 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP readinessProbe: failureThreshold: 6 httpGet: @@ -192,6 +138,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -202,26 +149,57 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -234,7 +212,6 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME 
@@ -242,11 +219,10 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token - + name: datadog-cluster-agent - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_APM_ENABLED value: "true" - name: DD_APM_NON_LOCAL_TRAFFIC 
@@ -254,107 +230,96 @@ spec: - name: DD_APM_RECEIVER_PORT value: "8126" - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" + value: /var/run/datadog/apm.socket - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" + value: /var/run/datadog/dsd.socket - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token readOnly: true - - name: procdir - mountPath: /host/proc + - mountPath: /host/proc mountPropagation: None + name: procdir readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup + - mountPath: /host/sys/fs/cgroup mountPropagation: None + name: cgroups readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run + - mountPath: /tmp + 
name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run mountPropagation: None + name: runtimesocketdir readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 + hostPID: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: + - args: - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent command: - bash - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED 
@@ -367,23 +332,45 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: auth-token + - configMap: name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run - hostPath: path: /proc name: procdir @@ -407,13 +394,8 @@ spec: - hostPath: path: /var/run name: runtimesocketdir - tolerations: - affinity: {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux updateStrategy: rollingUpdate: maxUnavailable: 10% type: RollingUpdate +--- diff --git a/test/datadog/baseline/default_all.yaml b/test/datadog/baseline/default_all.yaml new file mode 100644 index 000000000..ab04dfd80 --- /dev/null +++ b/test/datadog/baseline/default_all.yaml 
@@ -0,0 +1,1361 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + 
failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: 
"true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + 
name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + 
app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + 
value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.0 + 
imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + 
name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index fa8caea7a..a2e7fa96f 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -1,18 +1,15 @@ ---- -# Source: datadog/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: - name: datadog - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent spec: revisionHistoryLimit: 10 selector: 
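Review bot: The `datadog-ksm-core` ClusterRole in the new `default_all.yaml` baseline grants `list` and `watch` on `secrets` cluster-wide to the `datadog-cluster-agent` ServiceAccount. Because `list` on Secrets returns their contents, this fixture pins a sensitive default. Nothing visible in this hunk covers the rendering with secret collection turned off (presumably the chart value `datadog.kubeStateMetricsCore.collectSecretMetrics`); a companion baseline with it disabled would show that the `secrets` collector and the RBAC rule are dropped together. Separately, the `datadog-cluster-agent` ClusterRole lists `datadogtoken` and `datadog-leader-election` twice under `resourceNames`, which does not change authorization but suggests the template emits the same name from two branches. The file is generated output, so either change belongs in the templates or the test values, not in the baseline.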
@@ -20,46 +17,33 @@ spec: app: datadog template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog env.datadoghq.com/kind: gke-gdc name: datadog - annotations: - checksum/clusteragent_token: 0b031290a5e81deca5e18515f7df9f20690264df092d7f181d3579b095025f4b - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: - runAsUser: 0 + affinity: {} + automountServiceAccountToken: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP + - command: + - agent + - run env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT 
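Review bot: The pod template's `annotations: {}` in this hunk means the baseline no longer records that the DaemonSet carries `checksum/clusteragent_token`, `checksum/install_info` and the three config checksums, so a template change that stops emitting them would pass this test unnoticed. Those annotations are presumably what rolls the agents when the cluster-agent token or the config changes, which is worth keeping under test. If the empty map comes from a normalisation step that strips unstable values (not shown here), masking the value and keeping the key would retain the coverage, e.g. `checksum/clusteragent_token: <normalized>`. The same applies to the matching hunk in gdc_daemonset_logs_collection.yaml; the pod spec itself continues outside this hunk.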
@@ -80,20 +64,19 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_DOGSTATSD_PORT value: "8125" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" + value: low - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -101,8 +84,8 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_APM_ENABLED value: "false" - name: DD_LOGS_ENABLED @@ -116,9 +99,9 @@ spec: - name: DD_HEALTH_PORT value: "5555" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" + value: clusterchecks endpointschecks - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" + value: kubernetes_state - name: DD_CONTAINER_LIFECYCLE_ENABLED value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED @@ -131,27 +114,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: kubelet-cert-volume - mountPath: /certs + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: 
@@ -162,6 +126,11 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP readinessProbe: failureThreshold: 6 httpGet: @@ -172,6 +141,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -182,41 +152,54 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /certs + name: kubelet-cert-volume initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: + - args: - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent command: - bash - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT 
@@ -237,37 +220,44 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - name: DD_PROVIDER_KIND value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: auth-token + - configMap: name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - secret: + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - name: kubelet-cert-volume + secret: secretName: datadog-kubelet-cert - name: kubelet-cert-volume - tolerations: - affinity: {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux updateStrategy: rollingUpdate: maxUnavailable: 10% type: RollingUpdate +--- diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 7319c767d..56f03f96a 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml 
@@ -1,18 +1,15 @@ ---- -# Source: datadog/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: - name: datadog - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent spec: revisionHistoryLimit: 10 selector: 
@@ -20,46 +17,33 @@ spec: app: datadog template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog env.datadoghq.com/kind: gke-gdc name: datadog - annotations: - checksum/clusteragent_token: 67ca9b57ce1091cf08a3a16210f0f577f88e46f63bb06bba49d72d6f310d2156 - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: - runAsUser: 0 + affinity: {} + automountServiceAccountToken: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP + - command: + - agent + - run env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT 
@@ -80,20 +64,19 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_DOGSTATSD_PORT value: "8125" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" + value: low - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -101,8 +84,8 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_APM_ENABLED value: "false" - name: DD_LOGS_ENABLED @@ -116,9 +99,9 @@ spec: - name: DD_HEALTH_PORT value: "5555" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" + value: clusterchecks endpointschecks - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" + value: kubernetes_state - name: DD_CONTAINER_LIFECYCLE_ENABLED value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED 
@@ -131,39 +114,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: pointerdir - mountPath: /opt/datadog-agent/run - mountPropagation: None - readOnly: false # Need RW for logs pointer - - name: logpodpath - mountPath: /var/log/pods - mountPropagation: None - readOnly: true - - name: logscontainerspath - mountPath: /var/log/containers - mountPropagation: None - readOnly: true - - name: kubelet-cert-volume - mountPath: /certs + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -174,6 +126,11 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP readinessProbe: failureThreshold: 6 httpGet: @@ -184,6 +141,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -194,41 +152,66 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /opt/datadog-agent/run + mountPropagation: None + name: pointerdir + readOnly: false + - mountPath: /var/log/pods + mountPropagation: None + name: logpodpath + readOnly: true + - mountPath: /var/log/containers + mountPropagation: None + name: logscontainerspath + readOnly: true + - mountPath: /certs + name: kubelet-cert-volume initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: + - args: - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent command: - bash - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token 
- - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -249,27 +232,39 @@ spec: apiVersion: v1 fieldPath: spec.nodeName - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - name: DD_PROVIDER_KIND value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: auth-token + - configMap: name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run - hostPath: path: /var/datadog/logs name: pointerdir @@ -279,16 +274,11 @@ spec: - hostPath: path: /var/log/containers name: logscontainerspath - - secret: + - name: kubelet-cert-volume + secret: secretName: datadog-kubelet-cert - name: kubelet-cert-volume - tolerations: - affinity: {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux updateStrategy: rollingUpdate: maxUnavailable: 10% type: RollingUpdate +--- diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 7037a8e28..adf722fc6 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml 
@@ -1,121 +1,98 @@ ---- -# Source: datadog/templates/agent-clusterchecks-pdb.yaml -apiVersion: "policy/v1" +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: datadog-clusterchecks - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog-clusterchecks + namespace: datadog-agent spec: maxUnavailable: 1 selector: matchLabels: app: datadog-clusterchecks --- -# Source: datadog/templates/cluster-agent-pdb.yaml -apiVersion: "policy/v1" +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent spec: minAvailable: 1 selector: matchLabels: app: datadog-cluster-agent --- -# Source: datadog/templates/agent-clusterchecks-rbac.yaml apiVersion: v1 -kind: ServiceAccount automountServiceAccountToken: true +kind: ServiceAccount metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app: datadog + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app: "datadog" - chart: "datadog-3.98.1" - heritage: "Helm" - release: "datadog" + heritage: Helm + release: datadog name: datadog-cluster-checks namespace: datadog-agent --- -# Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: v1 -kind: ServiceAccount automountServiceAccountToken: true +kind: ServiceAccount metadata: labels: - app: "datadog" - chart: 
"datadog-3.98.1" - heritage: "Helm" - release: "datadog" - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app: datadog + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + heritage: Helm + release: datadog name: datadog-cluster-agent namespace: datadog-agent --- -# Source: datadog/templates/rbac.yaml apiVersion: v1 -kind: ServiceAccount automountServiceAccountToken: true +kind: ServiceAccount metadata: - name: datadog - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" # end range $role := .Values.datadog.secretBackend.roles + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent --- -# Source: datadog/templates/secret-cluster-agent-token.yaml apiVersion: v1 +data: {} kind: Secret metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent type: Opaque -data: - token: "U3FUdGNaRjdQS25YVUh4UWpDSXJnMlYxdU01YTBDRWg=" --- -# Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 -kind: ConfigMap -metadata: - name: datadog-cluster-agent-confd - namespace: datadog-agent - labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - annotations: - checksum/confd-config: 
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false kubernetes_state_core.yaml.default: |- cluster_check: true init_config: 
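Review bot: The `datadog-cluster-agent` Secret is now rendered as `data: {}`, so the baseline no longer shows that the chart creates the `token` key which the DaemonSet baselines read through `secretKeyRef` (`key: token`, `name: datadog-cluster-agent`). Keeping the base64 value out of the repository is fine, but retaining the key with a fixed placeholder, e.g. `token: <redacted>`, would still catch a template that stops generating it. The `datadog-installinfo` ConfigMap in the next hunk has the same shape: `data: {}` while the pods mount `subPath: install_info` from it. The removed value stays in the file's history, so if it was ever more than a throwaway rendered at test time it should be treated as exposed.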
@@ -149,62 +126,50 @@ data: {} annotations_as_tags: {} - - kubernetes_apiserver.yaml: |- - init_config: - instances: - - - filtering_enabled: false - unbundle_events: false ---- -# Source: datadog/templates/install_info-configmap.yaml -apiVersion: v1 kind: ConfigMap metadata: - name: datadog-installinfo - namespace: datadog-agent + annotations: {} labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - annotations: - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 -data: - install_info: | - --- - install_method: - tool: helm - tool_version: Helm - installer_version: datadog-3.98.1 + name: datadog-cluster-agent-confd + namespace: datadog-agent --- -# Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 +data: {} kind: ConfigMap metadata: - name: datadog-kpi-telemetry-configmap - namespace: datadog-agent + annotations: {} labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 data: install_type: k8s_manual - install_id: "56783c40-abe4-4174-8a26-48b1117749c3" - install_time: "1740589525" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent --- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: "datadog-3.98.1" - 
app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-cluster-agent rules: @@ -232,21 +197,22 @@ rules: - watch - create - apiGroups: - - "discovery.k8s.io" + - discovery.k8s.io resources: - endpointslices verbs: - get - list - watch - - apiGroups: ["quota.openshift.io"] + - apiGroups: + - quota.openshift.io resources: - clusterresourcequotas verbs: - get - list - apiGroups: - - "autoscaling" + - autoscaling resources: - horizontalpodautoscalers verbs: @@ -254,40 +220,40 @@ rules: - watch - apiGroups: - "" + resourceNames: + - datadogtoken + - datadogtoken resources: - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - - datadogtoken # Kept for backward compatibility with agent <7.37.0 verbs: - get - update - apiGroups: - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election resources: - configmaps - resourceNames: - - datadog-leader-election # Leader election token - - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 verbs: - get - update - apiGroups: - - "coordination.k8s.io" + - coordination.k8s.io + resourceNames: + - datadog-leader-election resources: - leases - resourceNames: - - datadog-leader-election # Leader election token verbs: - get - update - apiGroups: - - "coordination.k8s.io" + - coordination.k8s.io resources: - leases verbs: - create - - apiGroups: # To create the leader election token and hpa events + - apiGroups: - "" resources: - configmaps 
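Review bot: In the `datadog-cluster-agent` ClusterRole, the two configmaps rules now list `datadogtoken` twice and `datadog-leader-election` twice under `resourceNames`, and the comments that explained the second entry (`Kept for backward compatibility with agent <7.37.0`) are gone from the new side. The duplicates grant nothing extra, but without the comments they read as a mistake, and the baseline cannot tell the two entries apart should the template ever render different names. The comments on the other rules in this file (`Kubelet connectivity`, `leader election check`, the EKS metrics note) are lost the same way, so the reason for each grant is now visible only in the chart templates. Keeping the `# Source: datadog/templates/cluster-agent-rbac.yaml` line at the top of each document would at least point a reviewer of an RBAC diff to where the rationale lives. The rule list continues outside this hunk.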
@@ -295,24 +261,24 @@ rules: verbs: - create - nonResourceURLs: - - "/version" - - "/healthz" + - /version + - /healthz verbs: - get - - apiGroups: # to get the kube-system namespace UID and generate a cluster ID + - apiGroups: - "" + resourceNames: + - kube-system resources: - namespaces - resourceNames: - - "kube-system" verbs: - get - - apiGroups: # To create the cluster-id configmap + - apiGroups: - "" + resourceNames: + - datadog-cluster-id resources: - configmaps - resourceNames: - - "datadog-cluster-id" verbs: - create - get @@ -328,7 +294,7 @@ rules: - get - watch - apiGroups: - - "apps" + - apps resources: - deployments - replicasets @@ -339,7 +305,7 @@ rules: - get - watch - apiGroups: - - "batch" + - batch resources: - cronjobs - jobs @@ -357,7 +323,7 @@ rules: - get - watch - apiGroups: - - "rbac.authorization.k8s.io" + - rbac.authorization.k8s.io resources: - roles - rolebindings @@ -368,7 +334,7 @@ rules: - get - watch - apiGroups: - - "storage.k8s.io" + - storage.k8s.io resources: - storageclasses verbs: 
@@ -393,43 +359,57 @@ rules: - watch - apiGroups: - admissionregistration.k8s.io + resourceNames: + - datadog-webhook resources: - validatingwebhookconfigurations - mutatingwebhookconfigurations - resourceNames: - - "datadog-webhook" - verbs: ["get", "list", "watch", "update", "delete"] + verbs: + - get + - list + - watch + - update + - delete - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations - mutatingwebhookconfigurations - verbs: ["create"] - - apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] - verbs: ["get"] + verbs: + - create - apiGroups: - - "security.openshift.io" + - batch resources: - - securitycontextconstraints + - jobs + - cronjobs verbs: - - use + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io resourceNames: - datadog-cluster-agent - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use --- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-ksm-core rules: 
@@ -516,24 +496,22 @@ rules: - list - watch --- -# Source: datadog/templates/rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: datadog labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog rules: - nonResourceURLs: - - "/metrics" - - "/metrics/slis" + - /metrics + - /metrics/slis verbs: - get - - apiGroups: # Kubelet connectivity + - apiGroups: - "" resources: - nodes/metrics @@ -542,45 +520,43 @@ rules: - nodes/stats verbs: - get - - apiGroups: # leader election check + - apiGroups: - "" resources: - endpoints verbs: - get - apiGroups: - - "security.openshift.io" - resources: - - securitycontextconstraints - verbs: - - use + - security.openshift.io resourceNames: - datadog - hostaccess - privileged - - apiGroups: # leader election check - - "coordination.k8s.io" + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io resources: - leases verbs: - get - - apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics - - "metrics.eks.amazonaws.com" + - apiGroups: + - metrics.eks.amazonaws.com resources: - kcm/metrics - ksh/metrics verbs: - get --- -# Source: datadog/templates/agent-clusterchecks-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-cluster-checks roleRef: 
@@ -592,15 +568,13 @@ subjects: name: datadog-cluster-checks namespace: datadog-agent --- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-cluster-agent roleRef: @@ -612,15 +586,13 @@ subjects: name: datadog-cluster-agent namespace: datadog-agent --- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-ksm-core roleRef: @@ -632,17 +604,15 @@ subjects: name: datadog-cluster-checks namespace: datadog-agent --- -# Source: datadog/templates/rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: datadog labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -652,32 +622,35 @@ subjects: name: datadog namespace: datadog-agent --- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-cluster-agent-main namespace: datadog-agent rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "update", "create"] + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create --- -# Source: datadog/templates/dca-helm-values-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-dca-flare namespace: datadog-agent @@ -691,17 +664,15 @@ rules: - get - list --- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - name: "datadog-cluster-agent-main" + name: datadog-cluster-agent-main namespace: datadog-agent roleRef: apiGroup: rbac.authorization.k8s.io 
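Review bot: The `datadog-cluster-agent-main` Role in this hunk grants `get`, `list`, `watch`, `update` and `create` on every Secret in the `datadog-agent` namespace, with no `resourceNames`. According to the DaemonSet baselines that namespace also holds `datadog-secret` (the API key), so the cluster agent's service account can read and overwrite it. If the cluster agent only needs specific Secrets (presumably its token and the admission webhook certificate; the templates are not shown here), splitting the rule so that `get`/`update` carry `resourceNames` and only `create` stays unnamed would narrow the grant. The change belongs in the chart template rather than in this baseline.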
@@ -712,15 +683,13 @@ subjects: name: datadog-cluster-agent namespace: datadog-agent --- -# Source: datadog/templates/dca-helm-values-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" name: datadog-dca-flare namespace: datadog-agent 
@@ -733,97 +702,85 @@ subjects: name: datadog-cluster-agent namespace: datadog-agent --- -# Source: datadog/templates/agent-services.yaml apiVersion: v1 kind: Service metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent spec: - type: ClusterIP - selector: - app: datadog-cluster-agent ports: - - port: 5005 - name: agentport + - name: agentport + port: 5005 protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP --- -# Source: datadog/templates/agent-services.yaml apiVersion: v1 kind: Service metadata: - name: datadog-cluster-agent-admission-controller - namespace: datadog-agent labels: - app: "datadog" - chart: "datadog-3.98.1" - release: "datadog" - heritage: "Helm" - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app: datadog + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent spec: - selector: - app: datadog-cluster-agent ports: - - port: 443 - targetPort: 8000 - name: datadog-webhook + - name: datadog-webhook + port: 443 protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent --- -# Source: datadog/templates/agent-services.yaml apiVersion: v1 kind: Service - metadata: - name: datadog - namespace: datadog-agent labels: - app: "datadog" - chart: "datadog-3.98.1" - release: "datadog" - heritage: "Helm" - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app: datadog + 
app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent spec: - selector: - app: datadog + internalTrafficPolicy: Local ports: - - protocol: UDP + - name: dogstatsdport port: 8125 + protocol: UDP targetPort: 8125 - name: dogstatsdport - - protocol: TCP + - name: traceport port: 8126 + protocol: TCP targetPort: 8126 - name: traceport - internalTrafficPolicy: Local + selector: + app: datadog --- -# Source: datadog/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: - name: datadog - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - + name: datadog + namespace: datadog-agent spec: revisionHistoryLimit: 10 selector: 
@@ -831,47 +788,32 @@ spec: app: datadog template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog - annotations: - checksum/clusteragent_token: b00bc32745e194c0e3d56bf1b877efc859958662d66bea1235dfb443734a9e2d - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - securityContext: - runAsUser: 0 - hostPID: true + affinity: {} + automountServiceAccountToken: true containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP + - command: + - agent + - run env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -884,7 +826,6 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -896,13 +837,13 @@ spec: - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: "true" - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_DOGSTATSD_PORT value: "8125" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" + value: low - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -910,8 +851,8 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_APM_ENABLED value: "true" - name: DD_LOGS_ENABLED @@ -925,12 +866,11 @@ spec: - name: DD_HEALTH_PORT value: "5555" - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" + value: /var/run/datadog/dsd.socket - name: DD_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - + value: endpointschecks - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" + value: kubernetes_state - name: DD_CONTAINER_LIFECYCLE_ENABLED value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED 
@@ -943,47 +883,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -994,6 +895,11 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP readinessProbe: failureThreshold: 6 httpGet: @@ -1004,6 +910,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -1014,26 +921,57 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1046,7 +984,6 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME 
@@ -1054,11 +991,10 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token - + name: datadog-cluster-agent - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_APM_ENABLED value: "true" - name: DD_APM_NON_LOCAL_TRAFFIC 
@@ -1066,107 +1002,96 @@ spec: - name: DD_APM_RECEIVER_PORT value: "8126" - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" + value: /var/run/datadog/apm.socket - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" + value: /var/run/datadog/dsd.socket - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token readOnly: true - - name: procdir - mountPath: /host/proc + - mountPath: /host/proc mountPropagation: None + name: procdir readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup + - mountPath: /host/sys/fs/cgroup mountPropagation: None + name: cgroups readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run + - mountPath: /tmp + 
name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run mountPropagation: None + name: runtimesocketdir readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 + hostPID: true initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: + - args: - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent command: - bash - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c env: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_REMOTE_CONFIGURATION_ENABLED value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED 
@@ -1179,23 +1104,45 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: auth-token + - configMap: name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run - hostPath: path: /proc name: procdir 
@@ -1219,105 +1166,75 @@ spec: - hostPath: path: /var/run name: runtimesocketdir - tolerations: - affinity: {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux updateStrategy: rollingUpdate: maxUnavailable: 10% type: RollingUpdate --- -# Source: datadog/templates/agent-clusterchecks-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-clusterchecks - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: "7" - app.kubernetes.io/component: clusterchecks-agent - + name: datadog-clusterchecks + namespace: datadog-agent spec: replicas: 2 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-clusterchecks strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-clusterchecks template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-clusterchecks - annotations: - checksum/clusteragent_token: 0f396e3493380edb5b42f1029515a5828da6fbdcfe49486411da711abf646a3c - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-checks + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + 
topologyKey: kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - imagePullSecrets: [] - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.63.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: {} containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.63.0" - command: ["bash", "-c"] - args: + - args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent + command: + - bash + - -c env: - name: KUBERNETES value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" + value: clusterchecks - name: DD_HEALTH_PORT value: "5557" - # Cluster checks (cluster-agent communication) - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -1325,12 +1242,10 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token - # Safely run alongside the daemonset + name: datadog-cluster-agent - name: DD_ENABLE_METADATA_COLLECTION value: "false" - # Expose CLC stats - name: DD_CLC_RUNNER_ENABLED value: "true" - name: DD_CLC_RUNNER_HOST 
@@ -1341,7 +1256,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - # Remove unused features - name: DD_USE_DOGSTATSD value: "false" - name: DD_PROCESS_AGENT_ENABLED @@ -1356,16 +1270,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - resources: {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -1376,6 +1282,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: agent readinessProbe: failureThreshold: 6 httpGet: @@ -1386,6 +1293,7 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} startupProbe: failureThreshold: 6 httpGet: 
@@ -1396,98 +1304,98 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - volumes: - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the runners on different nodes if possible - # for better checks stability in case of node failure. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname + volumeMounts: + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /etc/datadog-agent + name: config + readOnly: false + imagePullSecrets: [] + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false nodeSelector: kubernetes.io/os: linux + serviceAccountName: datadog-cluster-checks + volumes: + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config --- -# Source: datadog/templates/cluster-agent-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: datadog-cluster-agent - namespace: datadog-agent labels: - helm.sh/chart: "datadog-3.98.1" - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog app.kubernetes.io/version: 
"7" - app.kubernetes.io/component: cluster-agent - + name: datadog-cluster-agent + namespace: datadog-agent spec: replicas: 1 revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent template: metadata: + annotations: {} labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: f32c0e89f2c62e682e618b4c8871ac2fa441b78ff20bc66d827869fdacfb591f - checksum/clusteragent-configmap: e90679097e8b5d76c5dd87ba5d86e9928120ccebe407ba1af8a551983d0842bb - checksum/install_info: 5dc2ee139450be3da942ecdcd059c0481d4422714c642d6592cba7c2779ee0f4 spec: - serviceAccountName: datadog-cluster-agent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.63.0" - imagePullPolicy: IfNotPresent - resources: {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: + - env: - name: 
DD_POD_NAME valueFrom: fieldRef: @@ -1501,10 +1409,9 @@ spec: - name: DD_API_KEY valueFrom: secretKeyRef: - name: "datadog-secret" key: api-key + name: datadog-secret optional: true - - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1518,7 +1425,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" + value: datadog-webhook - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME @@ -1528,26 +1435,25 @@ spec: - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" + value: Ignore - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - + value: gcr.io/datadoghq - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED value: "true" - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" + value: kube_endpoints kube_services - name: DD_LOG_LEVEL - value: "INFO" + value: INFO - name: DD_LEADER_ELECTION value: "true" - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" + value: configmap - name: DD_LEADER_LEASE_DURATION value: "15" - name: DD_LEADER_LEASE_NAME @@ -1565,14 +1471,14 @@ spec: - name: DD_CLUSTER_AGENT_AUTH_TOKEN valueFrom: secretKeyRef: - name: datadog-cluster-agent key: token + name: datadog-cluster-agent - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS value: "false" - name: DD_KUBE_RESOURCES_NAMESPACE value: datadog-agent - name: CHART_RELEASE_NAME - value: "datadog" + value: datadog - name: AGENT_DAEMONSET value: datadog - name: CLUSTER_AGENT_DEPLOYMENT 
@@ -1586,19 +1492,20 @@ spec: - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_time + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_id + name: datadog-kpi-telemetry-configmap - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: datadog-kpi-telemetry-configmap key: install_type - + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: @@ -1609,6 +1516,17 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP readinessProbe: failureThreshold: 6 httpGet: @@ -1619,6 +1537,10 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true startupProbe: failureThreshold: 6 httpGet: 
@@ -1629,58 +1551,59 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run + - mountPath: /opt/datadog-agent/run + name: datadogrun readOnly: false - - name: varlog - mountPath: /var/log/datadog + - mountPath: /var/log/datadog + name: varlog readOnly: false - - name: tmpdir - mountPath: /tmp + - mountPath: /tmp + name: tmpdir readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info + - mountPath: /etc/datadog-agent/install_info + name: installinfo readOnly: true - - name: confd - mountPath: /conf.d + subPath: install_info + - mountPath: /conf.d + name: confd readOnly: true - - name: config - mountPath: /etc/datadog-agent + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd + name: installinfo + - configMap: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index baf66fe53..25dd0dc7a 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -11,11 +11,35 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + yaml "gopkg.in/yaml.v3" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/yaml" + yaml2 "k8s.io/apimachinery/pkg/util/yaml" ) +var FilterKeys = map[string]interface{}{ + "helm.sh/chart": nil, + "checksum/clusteragent_token": nil, + "checksum/clusteragent-configmap": nil, + "checksum/install_info": nil, + "checksum": nil, + "checksum/autoconf-config": nil, + "checksum/checksd-config": nil, + "checksum/confd-config": nil, + "checksum/api_key": nil, + "checksum/application_key": nil, + // ServiceAccount + "chart": nil, + // ConfigMap + "install_id": nil, + "install_time": nil, + // Secret + "token": nil, + // install info CM, it contains chart version + // TODO: we are dropping everything; instead could we have a mapper/function for these keys or separate for coverage. + "install_info": nil, +} + func Test_baseline_manifests(t *testing.T) { tests := []struct { name string 
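Review bot: `FilterKeys` in the `baseline_test.go` import hunk matches on bare key names (`"token"`, `"chart"`, `"checksum"`, `"install_info"`), and nothing visible scopes them to a kind or path. Unless `common.FilterYamlKeysMultiManifest` (its body is outside this hunk) does that scoping, a field with one of those names in any rendered resource is stripped before comparison, so a change to it no longer fails the baseline test. The existing TODO admits this only for `install_info`. The `"token"` entry also appears to be what keeps a rendered Secret value out of the committed baseline files, which deserves a comment at that entry, e.g. `// Secret: rendered token value; must not be written to a baseline`. The variable itself has no doc comment; I would add `// FilterKeys lists map keys stripped from every rendered manifest before baseline comparison; the map values are ignored.` and narrow the entries to per-kind paths once the TODO is addressed.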
@@ -149,12 +173,33 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", assertions: verifyDaemonset, }, + { + // All resources needs to be handled separately due to multiple yaml manifests + name: "datadog default all resources", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + }, + }, + baselineManifestPath: "./baseline/default_all.yaml", + assertions: verifyUntypedResources, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { manifest, err := common.RenderChart(t, tt.command) assert.Nil(t, err, "couldn't render template") + + manifest, err = common.FilterYamlKeysMultiManifest(manifest, FilterKeys) + if err != nil { + t.Fatalf("couldn't filter yaml keys: %v", err) + } + t.Log("update baselines", common.UpdateBaselines) if common.UpdateBaselines { common.WriteToFile(t, tt.baselineManifestPath, manifest) @@ -194,9 +239,9 @@ func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { baselineManifest := common.ReadFile(t, baselineManifestPath) rB := bufio.NewReader(strings.NewReader(baselineManifest)) - baselineReader := yaml.NewYAMLReader(rB) + baselineReader := yaml2.NewYAMLReader(rB) rA := bufio.NewReader(strings.NewReader(actual)) - expectedReader := yaml.NewYAMLReader(rA) + expectedReader := yaml2.NewYAMLReader(rA) for { baselineResource, errB := baselineReader.Read() From 5e32c14867772b91001fcdb8a6d19de0d43d4fe9 Mon Sep 17 00:00:00 2001 
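Review bot: A failed render still reaches the new `common.FilterYamlKeysMultiManifest` call in the `t.Run` body, because the render check on the context line above it is `assert.Nil`, which records the failure and continues. When `common.UpdateBaselines` is set, the test can then reach `common.WriteToFile` with whatever the filter returned for that manifest. The file already imports `require`, so both checks can stop the subtest consistently: `require.NoError(t, err, "couldn't render template")` for the render and `require.NoError(t, err, "couldn't filter yaml keys")` in place of the `if err != nil { t.Fatalf(...) }` block. The filter now runs for every table entry, not only the new "datadog default all resources" case, so a one-line comment above it saying that baselines are compared and written in filtered form would help the next reader. The body of `Test_baseline_manifests` continues outside this hunk.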
From: khewonc <39867936+khewonc@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:48:19 -0500 Subject: [PATCH 29/45] Update agent to 7.63.2 (#1727) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- ...agent-clusterchecks-deployment_default.yaml | 6 +++--- .../cluster-agent-deployment_default.yaml | 4 ++-- ...ployment_default_advanced_AC_injection.yaml | 4 ++-- ...eployment_default_minimal_AC_injection.yaml | 6 +++--- test/datadog/baseline/daemonset_default.yaml | 8 ++++---- test/datadog/baseline/default_all.yaml | 12 ++++++------ .../baseline/gdc_daemonset_default.yaml | 6 +++--- .../gdc_daemonset_logs_collection.yaml | 6 +++--- test/datadog/baseline/other_default.yaml | 18 +++++++++--------- 13 files changed, 47 insertions(+), 43 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 41e98cd3d..f72c73d46 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.99.0 + +* Upgrade default Agent version to `7.63.2`. + ## 3.98.1 * Fixes bug that causes `DD_KUBERNETES_ANNOTATIONS_AS_TAGS` env var to be incorrectly set to the merged value of `.Values.datadog.kubernetesResourcesLabelsAsTags` and `.Values.datadog.kubernetesResourcesAnnotationsAsTags`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9f8996383..aea08f036 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.98.1 +version: 3.99.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index e2ba71f3b..ef3c8dd29 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.98.1](https://img.shields.io/badge/Version-3.98.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.99.0](https://img.shields.io/badge/Version-3.99.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.63.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.63.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -608,7 +608,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.63.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.63.2"` | Cluster Agent image tag to use | | clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | @@ -664,7 +664,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.63.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.63.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 21517fb5e..d91064db3 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1042,7 +1042,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.63.0 + tag: 7.63.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1566,7 +1566,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.63.0 + tag: 7.63.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2075,7 +2075,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.63.0 + tag: 7.63.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index eb57aace4..ef37bce14 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -97,7 +97,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -146,7 +146,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -159,7 +159,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} 
diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index ebb4f8a6c..638eb31b7 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -150,7 +150,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -223,7 +223,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 5ec163755..247643b97 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -164,7 +164,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -237,7 +237,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 36200578f..2f5632367 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -97,7 +97,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.63.0 + value: 7.63.2 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -160,7 +160,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -233,7 +233,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index b7b0481de..b7432b3bb 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -111,7 +111,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -248,7 +248,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 @@ -297,7 +297,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -332,7 +332,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} 
diff --git a/test/datadog/baseline/default_all.yaml b/test/datadog/baseline/default_all.yaml index ab04dfd80..3c9a23708 100644 --- a/test/datadog/baseline/default_all.yaml +++ b/test/datadog/baseline/default_all.yaml @@ -816,7 +816,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -953,7 +953,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 @@ -1002,7 +1002,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1037,7 +1037,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1256,7 +1256,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1329,7 +1329,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index a2e7fa96f..2044c9c1b 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -114,7 +114,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -177,7 +177,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -225,7 +225,7 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 56f03f96a..b0e82243d 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -114,7 +114,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -189,7 +189,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -237,7 +237,7 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index adf722fc6..ba3792960 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml 
@@ -883,7 +883,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1020,7 +1020,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 @@ -1069,7 +1069,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1104,7 +1104,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1270,7 +1270,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1319,7 +1319,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1332,7 +1332,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.0 + image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1504,7 +1504,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1577,7 +1577,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.0 + image: gcr.io/datadoghq/cluster-agent:7.63.2 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: 
From bd7687457caad3b2663ad99a740a895a9fcc36c6 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood <6599778+hmahmood@users.noreply.github.com> Date: Fri, 28 Feb 2025 14:57:00 -0600 Subject: [PATCH 30/45] Enable system-probe on GKE Autopilot (#1453) Co-authored-by: fanny-jiang --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../ci/gke-autopilot-cri-less-values.yaml | 2 + charts/datadog/ci/gke-autopilot-values.yaml | 2 + charts/datadog/templates/NOTES.txt | 30 ++++++++------- .../_container-host-release-volumemounts.yaml | 4 +- .../templates/_container-system-probe.yaml | 4 +- .../templates/_containers-init-linux.yaml | 4 -- .../templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 37 ++++++++++++++++--- .../datadog/templates/_system-probe-init.yaml | 2 - charts/datadog/templates/daemonset.yaml | 2 +- .../gke_autopilot_allowlist_synchronizer.yaml | 2 + test/datadog/autopilot_test.go | 1 + 15 files changed, 68 insertions(+), 32 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f72c73d46..272b41178 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.100.0 + +* Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1729000 or later). + ## 3.99.0 * Upgrade default Agent version to `7.63.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index aea08f036..eefcb5779 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.99.0 +version: 3.100.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index ef3c8dd29..5991225e6 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.99.0](https://img.shields.io/badge/Version-3.99.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.100.0](https://img.shields.io/badge/Version-3.100.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml index be7beadf1..5ac38cbd8 100644 --- a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml +++ b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml @@ -2,6 +2,8 @@ datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/ci/gke-autopilot-values.yaml b/charts/datadog/ci/gke-autopilot-values.yaml index 8be7f339f..87a904cbe 100644 --- a/charts/datadog/ci/gke-autopilot-values.yaml +++ b/charts/datadog/ci/gke-autopilot-values.yaml @@ -5,6 +5,8 @@ providers: datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 692d62f9b..084949e10 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt 
@@ -337,7 +337,7 @@ You are using datadog.orchestratorExplorer.enabled but you disabled the cluster To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if .Values.providers.gke.autopilot}} +{{- if and (.Values.providers.gke.autopilot) (not .Values.datadog.envDict.DD_CI)}} ########################################################################################### #### WARNING: Only one Datadog chart release allowed by namespace on GKE Autopilot #### 
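Review bot: Gating the Autopilot notes block on `.Values.datadog.envDict.DD_CI` turns a container environment entry into a switch that silences chart validation. Judging by the following hunks of this file, the block opened here also contains the `fail` guard for System Probe without WorkloadAllowlists, so any release that sets `DD_CI` skips the guard as well as the banner. Keeping the outer test as `{{- if .Values.providers.gke.autopilot }}` and wrapping only the informational banner in the CI check would leave the hard checks in force. A dedicated value would also be clearer than reading `envDict`, which additionally fails to evaluate if a user sets `datadog.envDict` to null. The end of this block is outside the hunk.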
@@ -347,12 +347,12 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. -{{- if eq (include "system-probe-feature" .) "true" }} +{{- if and (eq (include "system-probe-feature" .) "true") (eq (include "gke-autopilot-workloadallowlists-enabled" .) "false") }} -##################################################################### -#### WARNING: System Probe is not supported on GKE Autopilot #### -##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} +############################################################################################## +#### WARNING: System Probe on GKE Autopilot requires GKE v1.32.1-gke.1729000 or later #### +############################################################################################## +{{- fail "System Probe on GKE Autopilot environments requires GKE v1.32.1-gke.1729000 or later. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} {{- end }} 
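Review bot: The new `fail` text contradicts itself: it says System Probe needs GKE v1.32.1-gke.1729000 or later, yet still ends by telling the user that every listed option must be set 'false'. The condition that triggers it is the `gke-autopilot-workloadallowlists-enabled` helper, not a version comparison visible here. State the remedy as alternatives, for example by ending the message with `either upgrade the cluster or set these options to 'false'`, and name the real precondition if the helper checks something other than the cluster version. The helper is defined outside this hunk.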
@@ -412,27 +412,31 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} -{{- if .Values.datadog.networkMonitoring.enabled }} +{{- end }} + +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} ####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### ####################################################################################### -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. {{- end }} {{- end }} -{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} +{{- if .Values.providers.gke.gdc }} -{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} +{{- if .Values.datadog.networkMonitoring.enabled }} ####################################################################################### -#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +#### WARNING: Network Performance Monitoring is not supported on GKE GDC #### ####################################################################################### -On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. +{{- fail "On GKE GDC environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} {{- end }} 
diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index af1cfea68..189a06f10 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,6 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} -{{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} - {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true" }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -12,4 +11,3 @@ {{- end }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index 8b6669b18..90721eca1 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.systemProbe.securityContext "targetSystem" .Values.targetSystem "seccomp" .Values.datadog.systemProbe.seccomp "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] + command: ["system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] {{- if .Values.agents.containers.systemProbe.ports }} ports: {{ toYaml .Values.agents.containers.systemProbe.ports | indent 2 }} 
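Review bot: The system-probe `command` now starts with the bare name `system-probe`, so which binary runs depends on the image's `PATH` instead of the fixed `/opt/datadog-agent/embedded/bin/system-probe`. This container gets the elevated security context produced by `generate-security-context`, and the chart allows the image to be overridden through `agents.image`, so pinning the absolute path is the safer default. If the short form is required for the pod spec to match the Autopilot allowlist, that reason should be recorded next to the line, for example `# bare name required by the GKE Autopilot WorkloadAllowlist match`. Alternatively, keep the absolute path when `providers.gke.autopilot` is not set. The rest of the container definition is outside the hunk.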
@@ -30,9 +30,11 @@ resources: {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index fd0636250..e50dac6f6 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,8 +1,6 @@ {{- define "containers-init-linux" -}} - name: init-volume -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["bash", "-c"] @@ -15,9 +13,7 @@ resources: {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index c4238986c..da78a43ba 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml 
+++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -17,7 +17,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true"}} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index d4c2bc0bf..db31eb837 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -53,6 +53,7 @@ false Check if target cluster is running GKE Autopilot. */}} {{- define "is-autopilot" -}} +{{- if .Values.providers.gke.autopilot -}} {{- $nodes := (lookup "v1" "Node" "" "").items }} {{- if and $nodes (gt (len $nodes) 0) -}} {{- $node := index $nodes 0 -}} @@ -64,6 +65,9 @@ false {{- else -}} false {{- end -}} +{{- else -}} +false +{{- end -}} {{- end -}} {{/* @@ -374,7 +378,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if or (and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc)) (eq (include "gke-autopilot-workloadallowlists-enabled" . ) "true") -}} true {{- else -}} false 
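Review bot: In `should-enable-system-probe` the second operand of the new `or` is sufficient on its own, so the system-probe container is created whenever `gke-autopilot-workloadallowlists-enabled` returns "true", even when no system-probe feature is enabled and regardless of `targetSystem` or `providers.gke.gdc`. That adds a container with an elevated security context to every Autopilot node without the user asking for it. If the intent is only to lift the old Autopilot exclusion, the condition would read `{{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) (or (not .Values.providers.gke.autopilot) (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true")) -}}`. If the allowlist does require the container to be present unconditionally, the helper's comment should say so. The allowlist helper is defined outside this hunk.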
@@ -419,7 +423,8 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not .Values.providers.gke.gdc ) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" +.) "true") -}} true {{- else -}} false @@ -441,7 +446,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not .Values.providers.gke.gdc) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -1028,7 +1033,6 @@ Create RBACs for custom resources false {{- end -}} {{- end -}} - {{/* Return true if any process-related check is enabled */}} @@ -1058,7 +1062,7 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} + {{- if or (.Values.providers.gke.gdc) (and (.Values.providers.gke.autopilot) (not (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true"))) -}} false {{- else if ne .Values.targetSystem "linux" -}} false 
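Review bot: `should-enable-security-agent` and `should-enable-runtime-security` (next hunk) drop the `providers.gke.autopilot` exclusion without adding the `gke-autopilot-workloadallowlists-enabled` test that `should-enable-system-probe` received. Unless a check elsewhere rejects it, an Autopilot cluster without allowlist support will now render the security-agent container and runtime-security settings. Adding `(or (not .Values.providers.gke.autopilot) (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true"))` to both `and` lists would keep the three helpers consistent. The rewritten security-agent condition also breaks the action across two lines between `"security-agent-feature"` and `.) "true"`; keep it on one line, since template parsers built with Go releases before 1.16 reject newlines inside an action.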
@@ -1099,6 +1103,27 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Returns true if Host path for os-release-file needs to be added to the volumes. +*/}} +{{- define "should-add-host-path-for-os-release-file" -}} +{{- if .Values.providers.gke.gdc -}} +false +{{- end }} +{{- if or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled -}} +{{- if .Values.providers.gke.autopilot -}} +{{- if eq (include "gke-autopilot-workloadallowlists-enabled" .) "true" -}} +true +{{- else -}} +false +{{- end -}} +{{- else -}} +true +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} {{/* Returns true if Host paths for default OS Release Paths need to be added to the volumes. @@ -1106,6 +1131,8 @@ Create RBACs for custom resources {{- define "should-add-host-path-for-os-release-paths" -}} {{- if ne .Values.targetSystem "linux" -}} false + {{- else if .Values.providers.gke.autopilot -}} + false {{- else if .Values.providers.talos.enabled -}} false {{- else if (and .Values.datadog.systemProbe.enableDefaultOsReleasePaths (not .Values.datadog.disableDefaultOsReleasePaths)) -}} diff --git a/charts/datadog/templates/_system-probe-init.yaml b/charts/datadog/templates/_system-probe-init.yaml index cfea181fc..a9defec32 100644 --- a/charts/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/templates/_system-probe-init.yaml @@ -1,8 +1,6 @@ {{- define "system-probe-init" -}} - name: seccomp-setup -{{- if not .Values.providers.gke.autopilot }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: 
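Review bot: The `gdc` guard at the top of `should-add-host-path-for-os-release-file` does not short-circuit: after printing `false` the template falls through to the second `if`, so with `providers.gke.gdc` set the helper appears to render `falsetrue` or `falsefalse` rather than a single boolean. The caller in `_daemonset-volumes-linux.yaml` compares the result with `"true"`, so it is still treated as false, but only by accident, and any caller that tests for `"false"` would misbehave. Chaining the branches fixes it: delete the first `{{- end }}` and open the second branch with `{{- else if or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled -}}`.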
diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 3eb021cba..5edcd8bb0 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -55,7 +55,7 @@ spec: checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - {{- if .Values.agents.podSecurity.apparmor.enabled }} + {{- if and (.Values.agents.podSecurity.apparmor.enabled) }} container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} {{- end }} {{- if semverCompare "<1.19.0" .Capabilities.KubeVersion.Version }} diff --git a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml index 013a84cc6..ff19473c9 100644 --- a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml +++ b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml @@ -3,6 +3,8 @@ apiVersion: auto.gke.io/v1 kind: AllowlistSynchronizer metadata: name: datadog-synchronizer + annotations: + helm.sh/hook: "pre-install,pre-upgrade" spec: allowlistPaths: - Datadog/datadog/datadog-datadog-daemonset-exemption-v1.0.1.yaml diff --git a/test/datadog/autopilot_test.go b/test/datadog/autopilot_test.go index 3a7abade6..83c27df74 100644 --- a/test/datadog/autopilot_test.go +++ b/test/datadog/autopilot_test.go @@ -34,6 +34,7 @@ func Test_autopilotConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ + "DD_CI": "true", "datadog.apiKeyExistingSecret": "datadog-secret", "datadog.appKeyExistingSecret": "datadog-secret", "providers.gke.autopilot": "true", From fa73f62265f91c9d55685925f769a43afd870ba3 Mon Sep 17 00:00:00 2001 
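Review bot: `and` is given a single operand in the AppArmor guard, `{{- if and (.Values.agents.podSecurity.apparmor.enabled) }}`, which evaluates the same as the line it replaces and reads like a condition that lost its second half. Either restore `{{- if .Values.agents.podSecurity.apparmor.enabled }}` or add the operand that was meant to go with it. The annotation block this guard belongs to continues outside the hunk.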
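Review bot: Marking the AllowlistSynchronizer as a `pre-install,pre-upgrade` hook takes it out of the release's managed resources, so by Helm's hook semantics `helm uninstall` should leave `datadog-synchronizer`, and the allowlist exemption it syncs, in the cluster. Nothing in the hunk documents that cleanup step. I would add a comment above the annotation, for example `# Hook resource: not removed by helm uninstall; delete the AllowlistSynchronizer manually when removing the chart`, and repeat it in the chart README.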
From: Guy Arbitman Date: Mon, 3 Mar 2025 15:35:19 +0200 Subject: [PATCH 31/45] USM: Expose configuration options of USM (#1705) * Update chart vesion and changelog * usm: Add go-tls configuration * usm: Add istio monitoring configuration * usm: Add noejs monitoring configuration * usm: Add native monitoring configuration * usm: Add http monitoring configuration * usm: Add http2/gRPC monitoring configuration * Update charts/datadog/values.yaml Co-authored-by: Celene * Fixed wording --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 10 ++++++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++++- .../templates/system-probe-configmap.yaml | 23 +++++++++++++++++++ charts/datadog/values.yaml | 20 ++++++++++++++++ 5 files changed, 61 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 272b41178..cfc5b25b0 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,15 @@ # Datadog changelog +## 3.101.0 + +* Add multiple Universal Service Monitoring configurations support. + * `datadog.serviceMonitoring.tls.go.enabled` to control Go TLS monitoring. + * `datadog.serviceMonitoring.tls.istio.enabled` to control Istio TLS monitoring. + * `datadog.serviceMonitoring.tls.nodejs.enabled` to control Node.js TLS monitoring. + * `datadog.serviceMonitoring.tls.native.enabled` to control native (openssl, libssl, gnutls) TLS monitoring. + * `datadog.serviceMonitoring.httpMonitoringEnabled` to control HTTP monitoring. + * `datadog.serviceMonitoring.http2MonitoringEnabled` to control HTTP/2 & gRPC monitoring. + ## 3.100.0 * Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1729000 or later). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index eefcb5779..8f46eac66 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
@@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.100.0 +version: 3.101.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5991225e6..361ab8753 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.100.0](https://img.shields.io/badge/Version-3.100.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.101.0](https://img.shields.io/badge/Version-3.101.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -861,6 +861,12 @@ helm install \ | datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | +| datadog.serviceMonitoring.http2MonitoringEnabled | string | `nil` | Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.httpMonitoringEnabled | string | `nil` | Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.go.enabled | bool | `nil` | Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.istio.enabled | bool | `nil` | Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.native.enabled | bool | `nil` | Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.nodejs.enabled | bool | `nil` | Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent. | | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. 
(documentation: https://docs.datadoghq.com/getting_started/site/) | | datadog.systemProbe.apparmor | string | `"unconfined"` | Specify a apparmor profile for system-probe | | datadog.systemProbe.bpfDebug | bool | `false` | Enable logging for kernel debug | diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index e74f96f23..88471d801 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -43,6 +43,29 @@ data: conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }} service_monitoring_config: enabled: {{ $.Values.datadog.serviceMonitoring.enabled }} + {{- if not (eq .Values.datadog.serviceMonitoring.httpMonitoringEnabled nil) }} + enable_http_monitoring: {{ $.Values.datadog.serviceMonitoring.httpMonitoringEnabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.http2MonitoringEnabled nil) }} + enable_http2_monitoring: {{ $.Values.datadog.serviceMonitoring.http2MonitoringEnabled }} + {{- end }} + tls: + {{- if not (eq .Values.datadog.serviceMonitoring.tls.go.enabled nil) }} + go: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.go.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.istio.enabled nil) }} + istio: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.istio.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.nodejs.enabled nil) }} + nodejs: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.nodejs.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.native.enabled nil) }} + native: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.native.enabled }} + {{- end }} {{- if not (eq .Values.datadog.discovery.enabled nil) }} discovery: enabled: {{ $.Values.datadog.discovery.enabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d91064db3..f58a5d45e 100644 
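Review bot: `tls:` under `service_monitoring_config` is emitted unconditionally, so when none of the four `tls.*.enabled` values is set the ConfigMap renders a bare `tls:` key, which YAML reads as null rather than as an empty map. Whether system-probe tolerates a null there cannot be told from this hunk. Wrapping the `tls:` line and its four children in one outer guard that is true when any of the four values is non-nil would leave the rendered config unchanged for users who set none of them.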
--- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -831,6 +831,26 @@ datadog: # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring enabled: false + # datadog.serviceMonitoring.httpMonitoringEnabled -- Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent. + httpMonitoringEnabled: + + # datadog.serviceMonitoring.http2MonitoringEnabled -- Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent. + http2MonitoringEnabled: + + tls: + go: + # datadog.serviceMonitoring.tls.go.enabled -- (bool) Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. + enabled: + istio: + # datadog.serviceMonitoring.tls.istio.enabled -- (bool) Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent. + enabled: + nodejs: + # datadog.serviceMonitoring.tls.nodejs.enabled -- (bool) Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent. + enabled: + native: + # datadog.serviceMonitoring.tls.native.enabled -- (bool) Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. + enabled: + discovery: # datadog.discovery.enabled -- (bool) Enable Service Discovery enabled: # false From bd2d4ec7e3c6f70268e0ad11711f9df7f8cafc32 Mon Sep 17 00:00:00 2001 
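Review bot: The comments for `httpMonitoringEnabled` and `http2MonitoringEnabled` lack the `(bool)` type hint that the four `tls.*.enabled` comments carry, which is presumably why the README table in this same patch lists both as `string`. Since the template only checks them against nil and prints them as-is, they should be documented as booleans: `# datadog.serviceMonitoring.httpMonitoringEnabled -- (bool) Enable HTTP monitoring ...` and the same for the HTTP/2 key, followed by a helm-docs regeneration.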
From: =?UTF-8?q?Guillermo=20Juli=C3=A1n?= Date: Tue, 4 Mar 2025 13:06:55 +0100 Subject: [PATCH 32/45] Add NVIDIA_VISIBLE_DEVICES env var in GPU monitoring (#1726) * Add NVIDIA_VISIBLE_DEVICES env var * Reword changelog --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 7 ++++++- charts/datadog/templates/_container-system-probe.yaml | 5 +++++ 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index cfc5b25b0..cff42574f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.101.1 + +* Add the `NVIDIA_VISIBLE_DEVICES` environment variable to the containers when GPU monitoring is enabled: if the NVIDIA k8s device plugin does not support volume mounts for requesting devices (controlled by the `accept-nvidia-visible-devices-as-volume-mount` setting) we need to request devices via the environment variable. + ## 3.101.0 * Add multiple Universal Service Monitoring configurations support. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8f46eac66..e8721af95 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.101.0 +version: 3.101.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 361ab8753..7254f79d9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.101.0](https://img.shields.io/badge/Version-3.101.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.101.1](https://img.shields.io/badge/Version-3.101.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 46bcd6e26..b90ba1e44 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -165,7 +165,7 @@ value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT 
@@ -205,6 +205,11 @@ - name: DD_OTELCOLLECTOR_ENABLED value: "true" {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + # depending on the NVIDIA container toolkit configuration, we might need to request visible devices via this env var or via the /var/run/nvidia-container-devices/all volume mount + - name: NVIDIA_VISIBLE_DEVICES + value: all + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index 90721eca1..04416040e 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -25,6 +25,11 @@ - name: HOST_ROOT value: "/host/root" {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + # depending on the NVIDIA container toolkit configuration, we might need to request visible devices via this env var or via the /var/run/nvidia-container-devices/all volume mount + - name: NVIDIA_VISIBLE_DEVICES + value: all + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.systemProbe.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.systemProbe.envDict | indent 4 }} resources: From c51ba053d9bd1979276231939721ce955692ed56 Mon Sep 17 00:00:00 2001 
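Review bot: Both new `NVIDIA_VISIBLE_DEVICES` entries (here in the agent container and in the `_container-system-probe.yaml` hunk that follows) request `all`, so turning on `datadog.gpuMonitoring.enabled` asks the NVIDIA runtime to expose every GPU on the node to two containers. The patch's diffstat shows no `values.yaml` change and only a version-badge change in the README, so this side effect is recorded in the changelog alone. I would extend the description of `datadog.gpuMonitoring.enabled` to state it, and shorten the in-template comment to something like `# Request all GPUs via env var for NVIDIA setups that do not accept the volume-mount request`.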
From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:05:24 +0100 Subject: [PATCH 33/45] Upgrade PAR version to v0.1.12-beta (#1729) * Upgrade PAR version to v0.1.12-beta * update changelog --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 97db34964..6b4197e30 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.7 + +* Update private action image version to `v0.1.12-beta` + ## 0.15.6 * Update private action image version to `v0.1.11-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 114b8c4ed..59adb118a 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.6 +version: 0.15.7 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 3d15b5d3f..6f2b099a8 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.6](https://img.shields.io/badge/Version-0.15.6-informational?style=flat-square) ![AppVersion: v0.1.11-beta](https://img.shields.io/badge/AppVersion-v0.1.11--beta-informational?style=flat-square) +![Version: 0.15.7](https://img.shields.io/badge/Version-0.15.7-informational?style=flat-square) ![AppVersion: v0.1.12-beta](https://img.shields.io/badge/AppVersion-v0.1.12--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.11-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.12-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 4d1cc066f..879184dff 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.6](https://img.shields.io/badge/Version-0.15.6-informational?style=flat-square) ![AppVersion: v0.1.11-beta](https://img.shields.io/badge/AppVersion-v0.1.11--beta-informational?style=flat-square) +![Version: 0.15.7](https://img.shields.io/badge/Version-0.15.7-informational?style=flat-square) ![AppVersion: v0.1.12-beta](https://img.shields.io/badge/AppVersion-v0.1.12--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index a30c21851..2b99fc2e3 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.11-beta + tag: v0.1.12-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 97496712e..bfb6afdca 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.11-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.12-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 0243594a4..44a906533 100644 
--- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.11-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.12-beta" imagePullPolicy: IfNotPresent ports: - name: http From 9ca6251cfbb73fa1bd4efdcd69f1701aa4684be6 Mon Sep 17 00:00:00 2001 
From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:38:27 -0500 Subject: [PATCH 34/45] Use hot folder with values files for baselines; render all resources (#1724) * Use hot folder with values file for baselines; render all resources * pull request template update * Update .github/PULL_REQUEST_TEMPLATE.md Co-authored-by: Heston Hoffman * Update baselines after merge from main --------- Co-authored-by: Heston Hoffman --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- ...ent-clusterchecks-deployment_default.yaml} | 34 +- .../cluster-agent-deployment_default.yaml | 974 ++++++++++++ ...loyment_default_advanced_AC_injection.yaml | 988 ++++++++++++ ...ployment_default_minimal_AC_injection.yaml | 984 ++++++++++++ .../daemonset_default.yaml} | 0 .../baseline/manifests/default_all.yaml | 1361 +++++++++++++++++ .../manifests/gdc_daemonset_default.yaml | 1229 +++++++++++++++ .../gdc_daemonset_logs_collection.yaml | 1250 +++++++++++++++ .../baseline/manifests/other_default.yaml | 1361 +++++++++++++++++ ...gent-clusterchecks-deployment_default.yaml | 9 + .../cluster-agent-deployment_default.yaml | 0 ...loyment_default_advanced_AC_injection.yaml | 31 + ...ployment_default_minimal_AC_injection.yaml | 8 + .../baseline/values/daemonset_default.yaml | 3 + test/datadog/baseline/values/default_all.yaml | 3 + .../values/gdc_daemonset_default.yaml | 6 + .../values/gdc_daemonset_logs_collection.yaml | 11 + .../baseline/values/other_default.yaml | 12 + test/datadog/baseline_test.go | 211 +-- 20 files changed, 8246 insertions(+), 231 deletions(-) rename test/datadog/baseline/{other_default.yaml => manifests/agent-clusterchecks-deployment_default.yaml} (98%) create mode 100644 test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml create mode 100644 test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml create mode 100644 test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml 
rename test/datadog/baseline/{default_all.yaml => manifests/daemonset_default.yaml} (100%) create mode 100644 test/datadog/baseline/manifests/default_all.yaml create mode 100644 test/datadog/baseline/manifests/gdc_daemonset_default.yaml create mode 100644 test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/baseline/manifests/other_default.yaml create mode 100644 test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml create mode 100644 test/datadog/baseline/values/cluster-agent-deployment_default.yaml create mode 100644 test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml create mode 100644 test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml create mode 100644 test/datadog/baseline/values/daemonset_default.yaml create mode 100644 test/datadog/baseline/values/default_all.yaml create mode 100644 test/datadog/baseline/values/gdc_daemonset_default.yaml create mode 100644 test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/baseline/values/other_default.yaml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 352f24e3f..098c10e2e 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -12,4 +12,4 @@ - [ ] Documentation has been updated with helm-docs (run: `.github/helm-docs.sh`) - [ ] `CHANGELOG.md` has been updated - [ ] Variables are documented in the `README.md` -- [ ] For Datadog Operator chart or value changes update the test baselines (run: `make update-test-baselines`) +- [ ] For `datadog` or `datadog-operator` chart or value changes, update the test baselines (run: `make update-test-baselines`) 
diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml similarity index 98% rename from test/datadog/baseline/other_default.yaml rename to test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml index ba3792960..514c74106 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml @@ -1,35 +1,3 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-clusterchecks - namespace: datadog-agent -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: datadog-clusterchecks ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-cluster-agent - namespace: datadog-agent -spec: - minAvailable: 1 - selector: - matchLabels: - app: datadog-cluster-agent ---- apiVersion: v1 automountServiceAccountToken: true kind: ServiceAccount @@ -868,7 +836,7 @@ spec: - name: DD_DOGSTATSD_SOCKET value: /var/run/datadog/dsd.socket - name: DD_EXTRA_CONFIG_PROVIDERS - value: endpointschecks + value: clusterchecks endpointschecks - name: DD_IGNORE_AUTOCONF value: kubernetes_state - name: DD_CONTAINER_LIFECYCLE_ENABLED diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..5aeaad6b2 --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml 
@@ -0,0 +1,974 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: 
datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: 
/opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml new file mode 100644 index 000000000..d2f2022e6 --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml 
@@ -0,0 +1,988 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.52.0 + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 
key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + 
livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: 
datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml new file mode 100644 index 000000000..75256d776 --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -0,0 +1,984 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.63.2 + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap 
+ - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + 
periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/default_all.yaml b/test/datadog/baseline/manifests/daemonset_default.yaml similarity index 100% rename from test/datadog/baseline/default_all.yaml rename to test/datadog/baseline/manifests/daemonset_default.yaml diff --git a/test/datadog/baseline/manifests/default_all.yaml b/test/datadog/baseline/manifests/default_all.yaml new file mode 100644 index 000000000..3c9a23708 --- /dev/null 
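Review bot: The `datadog-ksm-core` ClusterRole recorded in this baseline (cluster-agent-deployment_default_minimal_AC_injection.yaml) is bound by ClusterRoleBinding to the `datadog-cluster-agent` ServiceAccount and grants `list` and `watch` on `secrets` in every namespace; a `list` on secrets returns the secret data, not only metadata. It is paired with `- secrets` in the rendered `kubernetes_state_core.yaml.default` collectors, so the grant looks like the chart default rather than something this test case turns on. Because the file is rendered output, nothing should be edited here by hand; what is missing is a companion baseline rendered with `datadog.kubeStateMetricsCore.collectSecretMetrics: false`, pinning that the collector entry and the RBAC rule disappear together, so a template change that drops one but keeps the other fails the comparison. The values file behind this baseline is not visible in the hunk, so where that case would be declared is an assumption to confirm. The namespaced `datadog-cluster-agent-main` Role (`get`/`list`/`watch`/`update`/`create` on all secrets, no `resourceNames`) deserves the same look.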
+++ b/test/datadog/baseline/manifests/default_all.yaml 
@@ -0,0 +1,1361 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + 
failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: 
"true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + 
name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + 
app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + 
value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + 
imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + 
name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/gdc_daemonset_default.yaml b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml new file mode 100644 index 000000000..c62d63c26 --- /dev/null +++ b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml 
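Review bot: The `datadog-ksm-core` ClusterRole in `default_all.yaml` is pinned with `list` and `watch` on `secrets` for the whole cluster and is bound to the `datadog-cluster-agent` ServiceAccount, but this baseline covers only the default render. A `list` on secrets returns the secret data, so this is the grant a golden file should guard most closely. I would add a second baseline rendered with `datadog.kubeStateMetricsCore.collectSecretMetrics=false` and check that `- secrets` is gone from both the role's `resources` and the `collectors` list in `kubernetes_state_core.yaml.default`. Whether another baseline in this patch already covers that value cannot be seen from this hunk.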
@@ -0,0 +1,1229 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /certs + name: kubelet-cert-volume + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config 
+ readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - name: kubelet-cert-volume + secret: + secretName: datadog-kubelet-cert + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: 
datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - 
name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - 
mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..53075c2a7 --- /dev/null +++ b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml 
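Review bot: The `agent` container and both init containers (`init-volume`, `init-config`) of the `datadog` DaemonSet have no container-level `securityContext`, while the pod spec sets `runAsUser: 0`, so they run as root with privilege escalation left at its default and a writable root filesystem. The `cluster-agent` container of the Deployment later in this same hunk already sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; the agent containers should get at least `securityContext:` with `allowPrivilegeEscalation: false`. Whether `readOnlyRootFilesystem: true` is also viable depends on what the agent writes outside the mounted emptyDirs, which this manifest does not show. This file looks like rendered baseline output, so the change presumably belongs in the chart template or in the values used to render it, with the baseline regenerated afterwards.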
@@ -0,0 +1,1250 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /opt/datadog-agent/run + mountPropagation: None + name: pointerdir + readOnly: false + - mountPath: /var/log/pods + mountPropagation: None + name: logpodpath + readOnly: true + - mountPath: /var/log/containers + mountPropagation: None + name: logscontainerspath + readOnly: true + - mountPath: /certs + name: kubelet-cert-volume + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: 
$(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - name: kubelet-cert-volume + secret: + secretName: datadog-kubelet-cert + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - 
podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: 
DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + 
periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/other_default.yaml b/test/datadog/baseline/manifests/other_default.yaml new file mode 100644 index 000000000..3c9a23708 --- /dev/null +++ b/test/datadog/baseline/manifests/other_default.yaml 
@@ -0,0 +1,1361 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + 
failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: 
"true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + 
name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + 
app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + 
value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + 
imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + 
name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml new file mode 100644 index 000000000..cb455bac1 --- /dev/null +++ b/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml @@ -0,0 +1,9 @@ +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret + kubeStateMetricsCore: + useClusterCheckRunners: true + clusterChecks: + enabled: true + clusterChecksRunner: + enabled: true diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml new file mode 100644 index 000000000..9c5cae3bf --- /dev/null +++ b/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -0,0 +1,31 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + agentSidecarInjection: + enabled: true + clusterAgentCommunicationEnabled: false + containerRegistry: gcr.io/datadoghq + imageName: agent + imageTag: 7.52.0 + selectors: + - objectSelector: + matchLabels: + "runsOn": nodeless + "app": nginx + namespaceSelector: + matchLabels: + agentSidecars: "true" + profiles: + - env: + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "false" + - name: DD_TAGS + value: "key1:value1 key2:value2" + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "2" + memory: "1024Mi" 
diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml
new file mode 100644
index 000000000..9dbd3a20a
--- /dev/null
+++ b/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml
@@ -0,0 +1,8 @@
+clusterAgent:
+ enabled: true
+ admissionController:
+ enabled: true
+ clusterAgentCommunicationEnabled: false
+ agentSidecarInjection:
+ enabled: true
+ provider: fargate
diff --git a/test/datadog/baseline/values/daemonset_default.yaml b/test/datadog/baseline/values/daemonset_default.yaml
new file mode 100644
index 000000000..709640314
--- /dev/null
+++ b/test/datadog/baseline/values/daemonset_default.yaml
@@ -0,0 +1,3 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/default_all.yaml b/test/datadog/baseline/values/default_all.yaml
new file mode 100644
index 000000000..709640314
--- /dev/null
+++ b/test/datadog/baseline/values/default_all.yaml
@@ -0,0 +1,3 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/gdc_daemonset_default.yaml b/test/datadog/baseline/values/gdc_daemonset_default.yaml
new file mode 100644
index 000000000..381a5a2af
--- /dev/null
+++ b/test/datadog/baseline/values/gdc_daemonset_default.yaml
@@ -0,0 +1,6 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+providers:
+ gke:
+ gdc: true
diff --git a/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml
new file mode 100644
index 000000000..79756ebea
--- /dev/null
+++ b/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml
@@ -0,0 +1,11 @@ +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true +providers: + gke: + gdc: true diff --git a/test/datadog/baseline/values/other_default.yaml b/test/datadog/baseline/values/other_default.yaml new file mode 100644 index 000000000..dcb117185 --- /dev/null +++ b/test/datadog/baseline/values/other_default.yaml @@ -0,0 +1,12 @@ +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret + kubeStateMetricsCore: + useClusterCheckRunners": true + clusterChecks: + enabled": true + clusterChecksRunner: + enabled: true, + createPodDisruptionBudget": true + clusterAgent: + createPodDisruptionBudget": true diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 25dd0dc7a..751610bc0 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -3,17 +3,15 @@ package datadog import ( "bufio" "io" + "os" "strings" "testing" "github.com/DataDog/helm-charts/test/common" "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" yaml "gopkg.in/yaml.v3" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" yaml2 "k8s.io/apimachinery/pkg/util/yaml" ) 
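Review bot: Several keys in test/datadog/baseline/values/other_default.yaml carry a stray closing quote (`useClusterCheckRunners": true`, `enabled": true`, `createPodDisruptionBudget": true`), and `enabled: true,` ends in a comma. These still parse as plain scalars, so nothing fails, but the keys become names the chart presumably never reads and the last value is the string `true,`; the baseline then no longer covers the cluster-check and PodDisruptionBudget settings that the removed Go table passed through `Overrides`. They should read `useClusterCheckRunners: true`, `enabled: true` and `createPodDisruptionBudget: true`. Indentation is not recoverable in this view, so also check that `clusterChecksRunner` and `clusterAgent` sit at the top level, as the old `clusterChecksRunner.enabled` and `clusterAgent.createPodDisruptionBudget` overrides did.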
@@ -40,201 +38,34 @@ var FilterKeys = map[string]interface{}{ "install_info": nil, } -func Test_baseline_manifests(t *testing.T) { - tests := []struct { - name string - command common.HelmCommand - baselineManifestPath string - assertions func(t *testing.T, baselineManifestPath, manifest string) - }{ - { - name: "Daemonset default", - command: common.HelmCommand{ +func Test_baseline_inputs(t *testing.T) { + files, err := os.ReadDir("./baseline/values") + assert.Nil(t, err, "couldn't read baseline values directory") + for _, file := range files { + t.Run(file.Name(), func(t *testing.T) { + manifest, err := common.RenderChart(t, common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - }, - }, - baselineManifestPath: "./baseline/daemonset_default.yaml", - assertions: verifyDaemonset, - }, - { - name: "DCA Deployment default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: "./baseline/cluster-agent-deployment_default.yaml", - assertions: verifyDeployment, - }, - { - name: "DCA Deployment default with minimal AC sidecar injection", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", - "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: "./baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml", - assertions: verifyDeployment, - }, - { - name: "DCA 
Deployment default with advanced AC sidecar injection", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", - "./manifests/dca_AC_sidecar_advanced.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: "./baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml", - assertions: verifyDeployment, - }, - { - name: "CLC Deployment default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/agent-clusterchecks-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", - "datadog.clusterChecks.enabled": "true", - "clusterChecksRunner.enabled": "true", - }}, - baselineManifestPath: "./baseline/agent-clusterchecks-deployment_default.yaml", - assertions: verifyDeployment, - }, - { - name: "Other resources, skips Deployment, DaemonSet, Secret; creates PDBs", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", - "datadog.clusterChecks.enabled": "true", - "clusterChecksRunner.enabled": "true", - // Create PDB for DCA and CLC - "clusterAgent.createPodDisruptionBudget": "true", - "clusterChecksRunner.createPodDisruptionBudget": "true", - }}, - baselineManifestPath: "./baseline/other_default.yaml", - assertions: verifyUntypedResources, - }, - { - name: "GDC DaemonSet default", - command: 
common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "providers.gke.gdc": "true", - }, - }, - baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", - assertions: verifyDaemonset, - }, - { - name: "GDC DaemonSet logs collection enabled", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.logs.enabled": "true", - "datadog.logs.containerCollectAll": "true", - "datadog.logs.containerCollectUsingFiles": "true", - "datadog.logs.autoMultiLineDetection": "true", - "providers.gke.gdc": "true", - }, - }, - baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", - assertions: verifyDaemonset, - }, - { - // All resources needs to be handled separately due to multiple yaml manifests - name: "datadog default all resources", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - }, - }, - baselineManifestPath: "./baseline/default_all.yaml", - assertions: verifyUntypedResources, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - manifest, err := common.RenderChart(t, tt.command) + Values: []string{"./baseline/values/" + file.Name()}, + }) assert.Nil(t, err, "couldn't render template") manifest, err = 
common.FilterYamlKeysMultiManifest(manifest, FilterKeys) + if err != nil { t.Fatalf("couldn't filter yaml keys: %v", err) } t.Log("update baselines", common.UpdateBaselines) if common.UpdateBaselines { - common.WriteToFile(t, tt.baselineManifestPath, manifest) + common.WriteToFile(t, "./baseline/manifests/"+file.Name(), manifest) } - tt.assertions(t, tt.baselineManifestPath, manifest) + + verifyUntypedResources(t, "./baseline/manifests/"+file.Name(), manifest) }) } } -func verifyDaemonset(t *testing.T, baselineManifestPath, manifest string) { - verifyBaseline(t, baselineManifestPath, manifest, appsv1.DaemonSet{}, appsv1.DaemonSet{}) -} - -func verifyDeployment(t *testing.T, baselineManifestPath, manifest string) { - verifyBaseline(t, baselineManifestPath, manifest, appsv1.Deployment{}, appsv1.Deployment{}) -} - -func verifyBaseline[T any](t *testing.T, baselineManifestPath, manifest string, baseline, actual T) { - common.Unmarshal(t, manifest, &actual) - common.LoadFromFile(t, baselineManifestPath, &baseline) - - // Exclude - // - "helm.sh/chart" label - // - checksum annotations - // - Image - // to avoid frequent baseline update and CI failures. - ops := make(cmp.Options, 0) - ops = append(ops, cmpopts.IgnoreMapEntries(func(k, v string) bool { - return k == "helm.sh/chart" || k == "checksum/clusteragent_token" || strings.Contains(k, "checksum") - })) - ops = append(ops, cmpopts.IgnoreFields(corev1.Container{}, "Image")) - - assert.True(t, cmp.Equal(baseline, actual, ops), cmp.Diff(baseline, actual)) -} - func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { baselineManifest := common.ReadFile(t, baselineManifestPath) 
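Review bot: In Test_baseline_inputs both error checks use `assert.Nil`, which records the failure and carries on, so after a failed `common.RenderChart` the subtest still filters the manifest and, when `common.UpdateBaselines` is set, writes it over the committed file under `./baseline/manifests/`. `require` is already imported in this file, so `require.NoError(t, err, "couldn't render template")`, and the same for the `os.ReadDir` error, stops before a partial manifest can replace a baseline. The loop also hands every directory entry to Helm as a values file; an `if file.IsDir() { continue }` guard at the top of the loop would keep a future subdirectory from surfacing as a confusing render error.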
@@ -257,20 +88,6 @@ func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { yaml.Unmarshal(baselineResource, &expected) yaml.Unmarshal(actualResource, &actual) - assert.Equal(t, expected["kind"], actual["kind"]) - kind := expected["kind"] - if kind == "Deployment" || kind == "DaemonSet" || kind == "Secret" { - continue - } - - ops := make(cmp.Options, 0) - ops = append(ops, cmpopts.IgnoreMapEntries(func(k string, v any) bool { - // skip these as these change frequently - t.Log(k, v) - return k == "helm.sh/chart" || k == "token" || strings.Contains(k, "checksum") || - k == "Image" || k == "install_id" || k == "install_time" - })) - - assert.True(t, cmp.Equal(expected, actual, ops), cmp.Diff(expected, actual)) + assert.True(t, cmp.Equal(expected, actual), cmp.Diff(expected, actual)) } } From 64e474ec3ae886ce2ef2b366ad672b966393bc36 Mon Sep 17 00:00:00 2001 From: Guilherme Borges Oliveira Date: Wed, 5 Mar 2025 10:31:03 +0100 Subject: [PATCH 35/45] =?UTF-8?q?build:=20=E2=AC=86=EF=B8=8F=20bump=20PL?= =?UTF-8?q?=20version=20to=201.55.0=20(#1732)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * build: ⬆️ bump PL version to 1.55.0 * fix: :memo: running .github/helm-docs.sh --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 6e417352f..a131ae148 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.7 + +* Update private location image version to `1.55.0`. + ## 0.17.6 * Add optional annotations for service account. 
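Review bot: With the `cmpopts.IgnoreMapEntries` filter and the Deployment/DaemonSet/Secret skip removed, verifyUntypedResources in test/datadog/baseline_test.go now relies entirely on `FilterKeys` having stripped every volatile or sensitive value before the manifest is written and compared. The removed filter ignored `token`, `checksum` annotations, `helm.sh/chart`, `install_id` and `install_time`, and only the `install_info` entry of `FilterKeys` is visible here, so please confirm the rest are covered; otherwise a generated token value could presumably end up committed under `./baseline/manifests/`, and the comparison would fail on every regeneration. The two `yaml.Unmarshal` calls kept as context still discard their errors, so two unparsable documents compare equal; `require.NoError(t, yaml.Unmarshal(baselineResource, &expected))` and the same for `actualResource` would close that gap. The function begins outside this hunk.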
diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 7d230dc66..98911590e 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.6 -appVersion: 1.54.0 +version: 0.17.7 +appVersion: 1.55.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index ca6824c55..79028fcea 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.6](https://img.shields.io/badge/Version-0.17.6-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) +![Version: 0.17.7](https://img.shields.io/badge/Version-0.17.7-informational?style=flat-square) ![AppVersion: 1.55.0](https://img.shields.io/badge/AppVersion-1.55.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). 
@@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.54.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.55.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index c92dfd539..89a77ffcf 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.54.0 + tag: 1.55.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 9603406fac1221e94680ca082db9b967e1f1ded0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Guillermo=20Juli=C3=A1n?= Date: Wed, 5 Mar 2025 12:55:48 +0100 Subject: [PATCH 36/45] Reapply "Add PodResources mount (#1696)" (#1714) * Reapply "Add PodResources mount" (#1708) This reverts commit 645031f3b7e709cea09dd8d8ac3e08eea0789fe9. * Mount only for non-windows, non-gke * Fix for GDC and autopilot * Fix setting * Update baselines * Update baselines --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 9 +++++++++ charts/datadog/templates/_daemonset-volumes-linux.yaml | 5 +++++ charts/datadog/values.yaml | 4 ++++ test/datadog/baseline/daemonset_default.yaml | 8 ++++++++ .../agent-clusterchecks-deployment_default.yaml | 8 ++++++++ test/datadog/baseline/manifests/daemonset_default.yaml | 8 ++++++++ test/datadog/baseline/manifests/default_all.yaml | 8 ++++++++ test/datadog/baseline/manifests/other_default.yaml | 8 ++++++++ 11 files changed, 65 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index cff42574f..f572f48b1 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.102.0 + +* Add a mount for the Kubernetes PodResources socket. + ## 3.101.1 * Add the `NVIDIA_VISIBLE_DEVICES` environment variable to the containers when GPU monitoring is enabled: if the NVIDIA k8s device plugin does not support volume mounts for requesting devices (controlled by the `accept-nvidia-visible-devices-as-volume-mount` setting) we need to request devices via the environment variable. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e8721af95..116dd6687 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.101.1 +version: 3.102.0 appVersion: "7" description: Datadog Agent keywords: 
diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 7254f79d9..cd2a07fbf 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.101.1](https://img.shields.io/badge/Version-3.101.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.102.0](https://img.shields.io/badge/Version-3.102.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -778,6 +778,7 @@ helm install \ | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | +| datadog.kubelet.podResourcesSocketDir | string | /var/lib/kubelet/pod-resources | Path (on host) where the kubelet.sock socket for the PodResources API is located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index b90ba1e44..9c50bb356 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
@@ -205,6 +205,10 @@ - name: DD_OTELCOLLECTOR_ENABLED value: "true" {{- end }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: {{ printf "%s/kubelet.sock" .Values.datadog.kubelet.podResourcesSocketDir | quote }} + {{- end }} {{- if .Values.datadog.gpuMonitoring.enabled }} # depending on the NVIDIA container toolkit configuration, we might need to request visible devices via this env var or via the /var/run/nvidia-container-devices/all volume mount - name: NVIDIA_VISIBLE_DEVICES @@ -246,6 +250,11 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + - name: pod-resources-socket + mountPath: {{ .Values.datadog.kubelet.podResourcesSocketDir }} + readOnly: false + {{- end }} {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index da78a43ba..4916c18cf 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -10,6 +10,11 @@ configMap: name: {{ include "agents.confd-configmap-name" . }} {{- end }} +{{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} +- name: pod-resources-socket + hostPath: + path: {{ .Values.datadog.kubelet.podResourcesSocketDir }} +{{- end }} {{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f58a5d45e..c6bd97571 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
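Review bot: The `DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET` variable is guarded only by the two GKE provider checks, while the matching `pod-resources-socket` volumeMount in the next hunk also sits under `{{- if eq .Values.targetSystem "linux" }}`. If this env block is rendered for Windows targets as well, the agent is pointed at a Linux socket path that is never mounted. That is not certain, because the enclosing block starts outside the hunk. Using the same condition in both places keeps them in step: `{{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }}`.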
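Review bot: The new `pod-resources-socket` mount is declared `readOnly: false`, which gives the agent container write access to a kubelet-owned host directory. The baseline manifests in this same patch show the runtime socket directory (`runtimesocketdir`) mounted with `readOnly: true`. A read-only bind mount normally still allows connecting to a Unix socket inside it, so `readOnly: true` looks sufficient here, but confirm that against the agent's PodResources client. The `mountPath` is also rendered unquoted, unlike the env var value, which goes through `quote`. `mountPath: {{ .Values.datadog.kubelet.podResourcesSocketDir | quote }}` keeps an unusual override from being retyped by the YAML parser.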
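Review bot: The `pod-resources-socket` hostPath volume in `_daemonset-volumes-linux.yaml` is added whenever the chart is not on GKE Autopilot or GDC, with no values toggle and no `type`. Clusters that restrict hostPath volumes through Pod Security admission or a policy engine get a new path to allow on upgrade. The kubelet PodResources API also reports resource assignments for every pod on the node, so some operators will want to opt out. Consider gating the volume, its mount and the env var on a setting, or on the features that actually consume the API. Adding `type: Directory` would make a wrong `podResourcesSocketDir` override fail visibly rather than mounting whatever is at that path, at the cost of the pod not starting on nodes where the directory is absent.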
@@ -313,6 +313,10 @@ datadog: # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) # @default -- true coreCheckEnabled: true + # datadog.kubelet.podResourcesSocketDir -- Path (on host) where the kubelet.sock socket for the PodResources API is located + # @default -- /var/lib/kubelet/pod-resources + podResourcesSocketDir: /var/lib/kubelet/pod-resources + # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index b7432b3bb..1571fa3dc 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -111,6 +111,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: @@ -173,6 +175,9 @@ spec: mountPropagation: None name: runtimesocketdir readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false - mountPath: /var/run/datadog name: dsdsocket readOnly: false @@ -371,6 +376,9 @@ spec: name: tmpdir - emptyDir: {} name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket - hostPath: path: /proc name: procdir diff --git a/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml index 514c74106..c7b67b912 100644 --- a/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml 
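Review bot: The comment on `podResourcesSocketDir` in `values.yaml` does not say that this host directory is mounted into the node agent by default, or that the setting has no effect when `providers.gke.autopilot` or `providers.gke.gdc` is set. Someone auditing the values file for host exposure would want that stated. Suggested wording: `# datadog.kubelet.podResourcesSocketDir -- Path (on host) of the directory holding kubelet.sock for the PodResources API; mounted into the agent container via hostPath on Linux, except on GKE Autopilot and GDC`. The README table row added in this patch carries the same text and appears to be generated from this comment, so it would need regenerating.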
@@ -851,6 +851,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: @@ -913,6 +915,9 @@ spec: mountPropagation: None name: runtimesocketdir readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false - mountPath: /var/run/datadog name: dsdsocket readOnly: false @@ -1111,6 +1116,9 @@ spec: name: tmpdir - emptyDir: {} name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket - hostPath: path: /proc name: procdir diff --git a/test/datadog/baseline/manifests/daemonset_default.yaml b/test/datadog/baseline/manifests/daemonset_default.yaml index 3c9a23708..9c3f3d8f7 100644 --- a/test/datadog/baseline/manifests/daemonset_default.yaml +++ b/test/datadog/baseline/manifests/daemonset_default.yaml @@ -816,6 +816,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: @@ -878,6 +880,9 @@ spec: mountPropagation: None name: runtimesocketdir readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false - mountPath: /var/run/datadog name: dsdsocket readOnly: false @@ -1076,6 +1081,9 @@ spec: name: tmpdir - emptyDir: {} name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket - hostPath: path: /proc name: procdir diff --git a/test/datadog/baseline/manifests/default_all.yaml b/test/datadog/baseline/manifests/default_all.yaml index 3c9a23708..9c3f3d8f7 100644 --- a/test/datadog/baseline/manifests/default_all.yaml +++ b/test/datadog/baseline/manifests/default_all.yaml 
@@ -816,6 +816,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: @@ -878,6 +880,9 @@ spec: mountPropagation: None name: runtimesocketdir readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false - mountPath: /var/run/datadog name: dsdsocket readOnly: false @@ -1076,6 +1081,9 @@ spec: name: tmpdir - emptyDir: {} name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket - hostPath: path: /proc name: procdir diff --git a/test/datadog/baseline/manifests/other_default.yaml b/test/datadog/baseline/manifests/other_default.yaml index 3c9a23708..9c3f3d8f7 100644 --- a/test/datadog/baseline/manifests/other_default.yaml +++ b/test/datadog/baseline/manifests/other_default.yaml @@ -816,6 +816,8 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock image: gcr.io/datadoghq/agent:7.63.2 imagePullPolicy: IfNotPresent livenessProbe: @@ -878,6 +880,9 @@ spec: mountPropagation: None name: runtimesocketdir readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false - mountPath: /var/run/datadog name: dsdsocket readOnly: false @@ -1076,6 +1081,9 @@ spec: name: tmpdir - emptyDir: {} name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket - hostPath: path: /proc name: procdir From eac70fca68cfb35f562cafba0d7dec99ea484832 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josu=C3=A9=20AGBEKODO?= <70853334+20agbekodo@users.noreply.github.com> Date: Wed, 5 Mar 2025 16:36:34 +0100 Subject: [PATCH 37/45] [observability-pipelines-worker] 2.4.0 release (#1734) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 29a623fc6..9d553153a 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.4.0 + +* Official image `2.4.0` + ## 2.3.0 * Official image `2.3.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 367c868c8..e8f16d3d6 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.3.0" +version: "2.4.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.3.0" +appVersion: "2.4.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 4054396a4..9b0817e8c 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md 
@@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.3.0"` | Specify the image tag to use. | +| image.tag | string | `"2.4.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 81e3f6f1e..daa678e01 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml 
@@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.3.0 + tag: 2.4.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 3e389bcda349d3fef8520d0a0052f6f25273177a Mon Sep 17 00:00:00 2001 
From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Wed, 5 Mar 2025 14:31:29 -0500 Subject: [PATCH 38/45] Add baseline for Windows and OTEL collector (#1738) * Add windows baseline; cleanup stale ones * add baseline for otelCollector enabled --- ...gent-clusterchecks-deployment_default.yaml | 179 -- .../cluster-agent-deployment_default.yaml | 255 --- ...loyment_default_advanced_AC_injection.yaml | 269 --- ...ployment_default_minimal_AC_injection.yaml | 265 --- test/datadog/baseline/daemonset_default.yaml | 409 ----- .../baseline/gdc_daemonset_default.yaml | 263 --- .../gdc_daemonset_logs_collection.yaml | 284 --- .../manifests/default_all_windows.yaml | 1274 ++++++++++++++ .../baseline/manifests/otel_enabled.yaml | 1535 +++++++++++++++++ .../baseline/values/default_all_windows.yaml | 5 + .../datadog/baseline/values/otel_enabled.yaml | 6 + 11 files changed, 2820 insertions(+), 1924 deletions(-) delete mode 100644 test/datadog/baseline/agent-clusterchecks-deployment_default.yaml delete mode 100644 test/datadog/baseline/cluster-agent-deployment_default.yaml delete mode 100644 test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml delete mode 100644 test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml delete mode 100644 test/datadog/baseline/daemonset_default.yaml delete mode 100644 test/datadog/baseline/gdc_daemonset_default.yaml delete mode 100644 test/datadog/baseline/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/baseline/manifests/default_all_windows.yaml create mode 100644 test/datadog/baseline/manifests/otel_enabled.yaml create mode 100644 test/datadog/baseline/values/default_all_windows.yaml create mode 100644 test/datadog/baseline/values/otel_enabled.yaml diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml deleted file mode 100644 index ef37bce14..000000000 
--- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: clusterchecks-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-clusterchecks - namespace: datadog-agent -spec: - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog-clusterchecks - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog-clusterchecks - app.kubernetes.io/component: clusterchecks-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - name: datadog-clusterchecks - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname - weight: 50 - automountServiceAccountToken: true - containers: - - args: - - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - command: - - bash - - -c - env: - - name: KUBERNETES - value: "yes" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_LOG_LEVEL - value: INFO - - name: DD_EXTRA_CONFIG_PROVIDERS - value: clusterchecks - - name: DD_HEALTH_PORT - value: "5557" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DD_CLC_RUNNER_ID 
- valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: agent - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /etc/datadog-agent - name: config - readOnly: false - imagePullSecrets: [] - initContainers: - - args: - - cp -r /etc/datadog-agent /opt - command: - - bash - - -c - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - resources: {} - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - readOnly: false - - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - command: - - bash - - -c - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-config - resources: {} - volumeMounts: - - mountPath: /etc/datadog-agent - name: config - readOnly: false - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: datadog-cluster-checks - volumes: - - configMap: - name: datadog-installinfo - name: installinfo - - 
emptyDir: {} - name: config ---- diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml deleted file mode 100644 index 638eb31b7..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ /dev/null 
@@ -1,255 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-cluster-agent - namespace: datadog-agent -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog-cluster-agent - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - name: datadog-cluster-agent - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - weight: 50 - automountServiceAccountToken: true - containers: - - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog - optional: true - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: datadog-webhook - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: 
datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: Ignore - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: kube_endpoints kube_services - - name: DD_EXTRA_LISTENERS - value: kube_endpoints kube_services - - name: DD_LOG_LEVEL - value: INFO - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: configmap - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: datadog - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - key: install_time - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - 
configMapKeyRef: - key: install_id - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - key: install_type - name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: cluster-agent - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /opt/datadog-agent/run - name: datadogrun - readOnly: false - - mountPath: /var/log/datadog - name: varlog - readOnly: false - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /conf.d - name: confd - readOnly: true - - mountPath: /etc/datadog-agent - name: config - initContainers: - - args: - - /etc/datadog-agent - - /opt - command: - - cp - - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: datadog-cluster-agent - volumes: - - emptyDir: {} - name: datadogrun - - emptyDir: {} - name: varlog - - emptyDir: {} - 
name: tmpdir - - configMap: - name: datadog-installinfo - name: installinfo - - configMap: - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - name: datadog-cluster-agent-confd - name: confd - - emptyDir: {} - name: config ---- diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml deleted file mode 100644 index 247643b97..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ /dev/null 
@@ -1,269 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-cluster-agent - namespace: datadog-agent -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog-cluster-agent - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - name: datadog-cluster-agent - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - weight: 50 - automountServiceAccountToken: true - containers: - - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog - optional: true - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: datadog-webhook - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: 
datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: Ignore - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.52.0 - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS - value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES - value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: kube_endpoints kube_services - - name: DD_EXTRA_LISTENERS - value: kube_endpoints kube_services - - name: DD_LOG_LEVEL - value: INFO - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: configmap - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - 
name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: datadog - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - key: install_time - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - key: install_id - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - key: install_type - name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: cluster-agent - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - 
successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /opt/datadog-agent/run - name: datadogrun - readOnly: false - - mountPath: /var/log/datadog - name: varlog - readOnly: false - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /conf.d - name: confd - readOnly: true - - mountPath: /etc/datadog-agent - name: config - initContainers: - - args: - - /etc/datadog-agent - - /opt - command: - - cp - - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: datadog-cluster-agent - volumes: - - emptyDir: {} - name: datadogrun - - emptyDir: {} - name: varlog - - emptyDir: {} - name: tmpdir - - configMap: - name: datadog-installinfo - name: installinfo - - configMap: - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - name: datadog-cluster-agent-confd - name: confd - - emptyDir: {} - name: config ---- diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml deleted file mode 100644 index 2f5632367..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ /dev/null 
@@ -1,265 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog-cluster-agent - namespace: datadog-agent -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog-cluster-agent - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - app.kubernetes.io/component: cluster-agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - name: datadog-cluster-agent - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - weight: 50 - automountServiceAccountToken: true - containers: - - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog - optional: true - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: datadog-webhook - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: 
datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: Ignore - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER - value: fargate - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.63.2 - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: kube_endpoints kube_services - - name: DD_EXTRA_LISTENERS - value: kube_endpoints kube_services - - name: DD_LOG_LEVEL - value: INFO - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: configmap - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: datadog - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: 
DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - key: install_time - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - key: install_id - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - key: install_type - name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: cluster-agent - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /opt/datadog-agent/run - name: datadogrun - readOnly: false - - mountPath: /var/log/datadog - name: varlog - readOnly: false - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /conf.d - name: confd - readOnly: true - - mountPath: /etc/datadog-agent - name: config - initContainers: - - args: - - 
/etc/datadog-agent - - /opt - command: - - cp - - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: datadog-cluster-agent - volumes: - - emptyDir: {} - name: datadogrun - - emptyDir: {} - name: varlog - - emptyDir: {} - name: tmpdir - - configMap: - name: datadog-installinfo - name: installinfo - - configMap: - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - name: datadog-cluster-agent-confd - name: confd - - emptyDir: {} - name: config ---- diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml deleted file mode 100644 index 1571fa3dc..000000000 --- a/test/datadog/baseline/daemonset_default.yaml +++ /dev/null 
@@ -1,409 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - name: datadog - namespace: datadog-agent -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - name: datadog - spec: - affinity: {} - automountServiceAccountToken: true - containers: - - command: - - agent - - run - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "true" - - name: DD_LOG_LEVEL - value: INFO - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: low - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - 
key: token - name: datadog-cluster-agent - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: /var/run/datadog/dsd.socket - - name: DD_EXTRA_CONFIG_PROVIDERS - value: clusterchecks endpointschecks - - name: DD_IGNORE_AUTOCONF - value: kubernetes_state - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET - value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: agent - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /var/log/datadog - name: logdatadog - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /host/etc/os-release - name: 
os-release-file - readOnly: true - - mountPath: /etc/datadog-agent - name: config - readOnly: false - - mountPath: /etc/datadog-agent/auth - name: auth-token - readOnly: false - - mountPath: /host/var/run - mountPropagation: None - name: runtimesocketdir - readOnly: true - - mountPath: /var/lib/kubelet/pod-resources - name: pod-resources-socket - readOnly: false - - mountPath: /var/run/datadog - name: dsdsocket - readOnly: false - - mountPath: /host/proc - mountPropagation: None - name: procdir - readOnly: true - - mountPath: /host/sys/fs/cgroup - mountPropagation: None - name: cgroups - readOnly: true - - mountPath: /etc/passwd - name: passwd - readOnly: true - - command: - - trace-agent - - -config=/etc/datadog-agent/datadog.yaml - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_LOG_LEVEL - value: INFO - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: /var/run/datadog/apm.socket - - name: DD_DOGSTATSD_SOCKET - value: /var/run/datadog/dsd.socket - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - key: install_time - name: datadog-kpi-telemetry-configmap - - name: 
DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - key: install_id - name: datadog-kpi-telemetry-configmap - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - key: install_type - name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 - name: trace-agent - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - resources: {} - volumeMounts: - - mountPath: /etc/datadog-agent - name: config - readOnly: true - - mountPath: /var/log/datadog - name: logdatadog - readOnly: false - - mountPath: /etc/datadog-agent/auth - name: auth-token - readOnly: true - - mountPath: /host/proc - mountPropagation: None - name: procdir - readOnly: true - - mountPath: /host/sys/fs/cgroup - mountPropagation: None - name: cgroups - readOnly: true - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /var/run/datadog - name: dsdsocket - readOnly: false - - mountPath: /host/var/run - mountPropagation: None - name: runtimesocketdir - readOnly: true - hostPID: true - initContainers: - - args: - - cp -r /etc/datadog-agent /opt - command: - - bash - - -c - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - resources: {} - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - readOnly: false - - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - command: - - bash - - -c - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: 
DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-config - resources: {} - volumeMounts: - - mountPath: /etc/datadog-agent - name: config - readOnly: false - - mountPath: /var/log/datadog - name: logdatadog - readOnly: false - - mountPath: /host/proc - mountPropagation: None - name: procdir - readOnly: true - - mountPath: /host/var/run - mountPropagation: None - name: runtimesocketdir - readOnly: true - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsUser: 0 - serviceAccountName: datadog - tolerations: null - volumes: - - emptyDir: {} - name: auth-token - - configMap: - name: datadog-installinfo - name: installinfo - - emptyDir: {} - name: config - - emptyDir: {} - name: logdatadog - - emptyDir: {} - name: tmpdir - - emptyDir: {} - name: s6-run - - hostPath: - path: /var/lib/kubelet/pod-resources - name: pod-resources-socket - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate ---- diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml deleted file mode 100644 index 2044c9c1b..000000000 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ /dev/null 
@@ -1,263 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - env.datadoghq.com/kind: gke-gdc - name: datadog - namespace: datadog-agent -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - env.datadoghq.com/kind: gke-gdc - name: datadog - spec: - affinity: {} - automountServiceAccountToken: true - containers: - - command: - - agent - - run - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - name: DD_LOG_LEVEL - value: INFO - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: low - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: clusterchecks endpointschecks - - name: DD_IGNORE_AUTOCONF - value: kubernetes_state - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: agent - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /var/log/datadog - name: logdatadog - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /etc/datadog-agent - name: config - readOnly: false - - mountPath: /etc/datadog-agent/auth - name: auth-token - readOnly: false - - mountPath: 
/certs - name: kubelet-cert-volume - initContainers: - - args: - - cp -r /etc/datadog-agent /opt - command: - - bash - - -c - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - resources: {} - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - readOnly: false - - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - command: - - bash - - -c - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-config - resources: {} - volumeMounts: - - mountPath: /etc/datadog-agent - name: config - readOnly: false - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsUser: 0 - serviceAccountName: datadog - tolerations: null - volumes: - - emptyDir: {} - name: auth-token - - configMap: - name: datadog-installinfo - name: installinfo - - emptyDir: {} - name: config - - emptyDir: {} - name: logdatadog - - emptyDir: {} - name: tmpdir - - emptyDir: {} - name: s6-run - - name: kubelet-cert-volume - secret: - secretName: datadog-kubelet-cert - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: 
RollingUpdate ---- diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml deleted file mode 100644 index b0e82243d..000000000 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ /dev/null 
@@ -1,284 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - app.kubernetes.io/version: "7" - env.datadoghq.com/kind: gke-gdc - name: datadog - namespace: datadog-agent -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - annotations: {} - labels: - admission.datadoghq.com/enabled: "false" - app: datadog - app.kubernetes.io/component: agent - app.kubernetes.io/instance: datadog - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: datadog - env.datadoghq.com/kind: gke-gdc - name: datadog - spec: - affinity: {} - automountServiceAccountToken: true - containers: - - command: - - agent - - run - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - name: DD_LOG_LEVEL - value: INFO - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: low - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: datadog-cluster-agent - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "true" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "true" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "true" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: clusterchecks endpointschecks - - name: DD_IGNORE_AUTOCONF - value: kubernetes_state - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - name: agent - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /var/log/datadog - name: logdatadog - readOnly: false - - mountPath: /etc/datadog-agent/install_info - name: installinfo - readOnly: true - subPath: install_info - - mountPath: /tmp - name: tmpdir - readOnly: false - - mountPath: /etc/datadog-agent - name: config - readOnly: false - - mountPath: /etc/datadog-agent/auth - name: auth-token - readOnly: false - - mountPath: 
/opt/datadog-agent/run - mountPropagation: None - name: pointerdir - readOnly: false - - mountPath: /var/log/pods - mountPropagation: None - name: logpodpath - readOnly: true - - mountPath: /var/log/containers - mountPropagation: None - name: logscontainerspath - readOnly: true - - mountPath: /certs - name: kubelet-cert-volume - initContainers: - - args: - - cp -r /etc/datadog-agent /opt - command: - - bash - - -c - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-volume - resources: {} - volumeMounts: - - mountPath: /opt/datadog-agent - name: config - readOnly: false - - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - command: - - bash - - -c - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - key: api-key - name: datadog-secret - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.2 - imagePullPolicy: IfNotPresent - name: init-config - resources: {} - volumeMounts: - - mountPath: /etc/datadog-agent - name: config - readOnly: false - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsUser: 0 - serviceAccountName: datadog - tolerations: null - volumes: - - emptyDir: {} - name: auth-token - - configMap: - name: datadog-installinfo - 
name: installinfo - - emptyDir: {} - name: config - - emptyDir: {} - name: logdatadog - - emptyDir: {} - name: tmpdir - - emptyDir: {} - name: s6-run - - hostPath: - path: /var/datadog/logs - name: pointerdir - - hostPath: - path: /var/log/pods - name: logpodpath - - hostPath: - path: /var/log/containers - name: logscontainerspath - - name: kubelet-cert-volume - secret: - secretName: datadog-kubelet-cert - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate ---- diff --git a/test/datadog/baseline/manifests/default_all_windows.yaml b/test/datadog/baseline/manifests/default_all_windows.yaml new file mode 100644 index 000000000..027b96473 --- /dev/null +++ b/test/datadog/baseline/manifests/default_all_windows.yaml 
@@ -0,0 +1,1274 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: C:/ProgramData/Datadog/logs + name: logdatadog + readOnly: false + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: false + - mountPath: C:/ProgramData/Datadog/auth + name: auth-token + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + - command: + - process-agent + - -foreground + - --cfgpath=C:/ProgramData/Datadog/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: process-agent + resources: {} + volumeMounts: + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: true + - mountPath: 
C:/ProgramData/Datadog/logs + name: logdatadog + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + initContainers: + - args: + - | + Copy-Item -Recurse -Force C:/ProgramData/Datadog C:/Temp + Copy-Item -Force C:/Temp/install_info/install_info C:/Temp/Datadog/install_info + command: + - pwsh + - -Command + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: C:/Temp/Datadog + name: config + readOnly: false + - mountPath: C:/Temp/install_info + name: installinfo + readOnly: true + - args: + - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) { exit 1 } } + command: + - pwsh + - -Command + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + nodeSelector: + kubernetes.io/os: windows + serviceAccountName: datadog + tolerations: + - effect: NoSchedule + key: node.kubernetes.io/os + operator: Equal + value: windows + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - hostPath: + path: 
\\.\pipe\docker_engine + name: runtimesocket + - hostPath: + path: \\.\pipe\containerd-containerd + name: containerdsocket + - emptyDir: {} + name: logdatadog + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + 
value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + 
value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: C:/ProgramData/Datadog/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: 
/opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: windows + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/otel_enabled.yaml b/test/datadog/baseline/manifests/otel_enabled.yaml new file mode 100644 index 000000000..7f74974d0 --- /dev/null +++ b/test/datadog/baseline/manifests/otel_enabled.yaml 
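Review bot: The `datadog-cluster-agent` Deployment at the end of this baseline is pinned to `kubernetes.io/os: windows`, yet the rest of its pod spec is Linux-shaped. Its init container runs `cp -r` on `/etc/datadog-agent`, its mounts are `/opt/datadog-agent/run`, `/var/log/datadog`, `/tmp`, `/conf.d` and `/etc/datadog-agent`, and it sets `readOnlyRootFilesystem: true`; only the install-info mount uses a Windows path, `C:/ProgramData/Datadog/install_info`. If the cluster-agent image is Linux-only, as those lines suggest, this golden file asserts a pod that cannot start on the nodes it selects, and later chart changes will be diffed against that state. I would render this fixture either without the cluster agent, or with the Deployment's selector reading `kubernetes.io/os: linux` and the install-info mount on a Linux path. The Windows selector would then stay on the agent DaemonSet only.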
@@ -0,0 +1,1535 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: v1 +data: + otel-config.yaml: | + receivers: + prometheus: + config: + scrape_configs: + - job_name: "otelcol" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 + exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} + site: "" + processors: + infraattributes: + cardinality: 2 + batch: + timeout: 10s + connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + service: + pipelines: + traces: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog, datadog/connector] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] +kind: ConfigMap +metadata: + annotations: + checksum/otel-config: 7442a7b9ad409386207bbf9d49106e0a931ebd258432e9c551f0c32e28dc9d85 + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-otel-config + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - 
rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - 
apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: 
+ app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + 
namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + - name: otel-grpc + port: 4317 + protocol: TCP + targetPort: 4317 + - name: otel-http + port: 4318 + protocol: TCP + targetPort: 4318 + selector: + app: datadog +--- +apiVersion: apps/v1 
+kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: + checksum/otel-config: 946aa0996cb960514d901a597d35250d82c029a7453a05a6bc14e79e46cc6c1c + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" 
+ - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_OTELCOLLECTOR_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - 
mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + 
value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - command: + - otel-agent + - --config=/etc/otel-agent/otel-config.yaml + - --core-config=/etc/datadog-agent/datadog.yaml + - --sync-delay=30s + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + 
value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + - name: DD_LOG_LEVEL + value: INFO + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: otel-agent + ports: + - containerPort: 4317 + name: otel-grpc + protocol: TCP + - containerPort: 4318 + name: otel-http + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /etc/otel-agent + name: otelconfig + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + 
value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + - configMap: + items: + - key: otel-config.yaml + path: otel-config.yaml + name: datadog-otel-config + name: otelconfig + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: 
DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + 
image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.2 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: 
kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +---
diff --git a/test/datadog/baseline/values/default_all_windows.yaml b/test/datadog/baseline/values/default_all_windows.yaml
new file mode 100644
index 000000000..edc1989d6
--- /dev/null
+++ b/test/datadog/baseline/values/default_all_windows.yaml
@@ -0,0 +1,5 @@
+targetSystem: windows
+
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/otel_enabled.yaml b/test/datadog/baseline/values/otel_enabled.yaml
new file mode 100644
index 000000000..c475dc26c
--- /dev/null
+++ b/test/datadog/baseline/values/otel_enabled.yaml
@@ -0,0 +1,6 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+
+ otelCollector:
+ enabled: true
\ No newline at end of file
From ad18c5d5234f77c04569ba840276f5a65832feff Mon Sep 17 00:00:00 2001
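Review bot: The `otel-agent` container in the rendered DaemonSet has no container-level `securityContext`, so it runs under the pod's `runAsUser: 0` and `hostPID: true` while its OTLP receivers listen on `0.0.0.0:4317` and `0.0.0.0:4318` and are published through the `datadog` Service. It also mounts `/host/proc` and `/host/var/run` from the node, and no NetworkPolicy appears in this baseline, so the container that accepts telemetry from other workloads is also the one with root and host visibility; the `cluster-agent` container in the same file already sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. Because this file is rendered output, the change belongs in the chart template with the baseline regenerated afterwards: at minimum `securityContext: {allowPrivilegeEscalation: false}` on `otel-agent`, plus a check of whether it needs the `procdir` and `runtimesocketdir` mounts at all. Separately, the `debug` exporter with `verbosity: detailed` is defined in `otel-config.yaml` but referenced by no pipeline, so it could be dropped from the default config.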
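Review bot: `test/datadog/baseline/values/otel_enabled.yaml` ends without a final newline (the `\ No newline at end of file` marker after `enabled: true`), unlike `default_all_windows.yaml` added alongside it. Ending the file with a single newline keeps a later append from showing up as a modification of the `enabled: true` line and satisfies yamllint's `new-line-at-end-of-file` rule.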
From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Thu, 6 Mar 2025 13:27:52 +0100 Subject: [PATCH 39/45] [datadog] Update Agent components to `7.63.3` (#1740) * bump 7.63.3 * baseline test --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- ...agent-clusterchecks-deployment_default.yaml | 18 +++++++++--------- .../cluster-agent-deployment_default.yaml | 4 ++-- ...ployment_default_advanced_AC_injection.yaml | 4 ++-- ...eployment_default_minimal_AC_injection.yaml | 6 +++--- .../baseline/manifests/daemonset_default.yaml | 12 ++++++------ .../baseline/manifests/default_all.yaml | 12 ++++++------ .../manifests/default_all_windows.yaml | 12 ++++++------ .../manifests/gdc_daemonset_default.yaml | 10 +++++----- .../gdc_daemonset_logs_collection.yaml | 10 +++++----- .../baseline/manifests/otel_enabled.yaml | 16 ++++++++-------- .../baseline/manifests/other_default.yaml | 12 ++++++------ 15 files changed, 70 insertions(+), 66 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index f572f48b1..33f2d6b12 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.103.0 + +* Upgrade default Agent version to `7.63.3`. + ## 3.102.0 * Add a mount for the Kubernetes PodResources socket. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 116dd6687..e1974cebe 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.102.0 +version: 3.103.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cd2a07fbf..927f60479 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.102.0](https://img.shields.io/badge/Version-3.102.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.103.0](https://img.shields.io/badge/Version-3.103.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.63.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.63.3"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -608,7 +608,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.63.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.63.3"` | Cluster Agent image tag to use | | clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | @@ -664,7 +664,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.63.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.63.3"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index c6bd97571..bd9ffc550 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1066,7 +1066,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.63.2 + tag: 7.63.3 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1590,7 +1590,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.63.2 + tag: 7.63.3 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2099,7 +2099,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.63.2 + tag: 7.63.3 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml index c7b67b912..a02ab9aad 100644 --- a/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml @@ -853,7 +853,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -993,7 +993,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 
@@ -1042,7 +1042,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1077,7 +1077,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1246,7 +1246,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1295,7 +1295,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1308,7 +1308,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1480,7 +1480,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1553,7 +1553,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml index 5aeaad6b2..b2e152868 100644 --- a/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml 
@@ -869,7 +869,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -942,7 +942,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml index d2f2022e6..595475011 100644 --- a/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -883,7 +883,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -956,7 +956,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml index 75256d776..9d609db5c 100644 --- a/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -816,7 +816,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.63.2 + value: 7.63.3 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -879,7 +879,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -952,7 +952,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/daemonset_default.yaml b/test/datadog/baseline/manifests/daemonset_default.yaml index 9c3f3d8f7..0186c12b2 100644 --- a/test/datadog/baseline/manifests/daemonset_default.yaml +++ b/test/datadog/baseline/manifests/daemonset_default.yaml @@ -818,7 +818,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -958,7 +958,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 @@ -1007,7 +1007,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1042,7 +1042,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} 
@@ -1264,7 +1264,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1337,7 +1337,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/default_all.yaml b/test/datadog/baseline/manifests/default_all.yaml index 9c3f3d8f7..0186c12b2 100644 --- a/test/datadog/baseline/manifests/default_all.yaml +++ b/test/datadog/baseline/manifests/default_all.yaml @@ -818,7 +818,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -958,7 +958,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 @@ -1007,7 +1007,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1042,7 +1042,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1264,7 +1264,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 
@@ -1337,7 +1337,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/default_all_windows.yaml b/test/datadog/baseline/manifests/default_all_windows.yaml index 027b96473..ab8a305b6 100644 --- a/test/datadog/baseline/manifests/default_all_windows.yaml +++ b/test/datadog/baseline/manifests/default_all_windows.yaml @@ -814,7 +814,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -915,7 +915,7 @@ spec: value: "false" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: process-agent resources: {} @@ -938,7 +938,7 @@ spec: command: - pwsh - -Command - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -976,7 +976,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1169,7 +1169,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1242,7 +1242,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: 
diff --git a/test/datadog/baseline/manifests/gdc_daemonset_default.yaml b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml index c62d63c26..2b785325e 100644 --- a/test/datadog/baseline/manifests/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml @@ -819,7 +819,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -882,7 +882,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -930,7 +930,7 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1124,7 +1124,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1197,7 +1197,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml index 53075c2a7..8a80316d0 100644 --- a/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml @@ -819,7 +819,7 @@ spec: value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED value: "true" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 
@@ -894,7 +894,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -942,7 +942,7 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1145,7 +1145,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1218,7 +1218,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/otel_enabled.yaml b/test/datadog/baseline/manifests/otel_enabled.yaml index 7f74974d0..8027a6cf4 100644 --- a/test/datadog/baseline/manifests/otel_enabled.yaml +++ b/test/datadog/baseline/manifests/otel_enabled.yaml @@ -166,7 +166,7 @@ data: kind: ConfigMap metadata: annotations: - checksum/otel-config: 7442a7b9ad409386207bbf9d49106e0a931ebd258432e9c551f0c32e28dc9d85 + checksum/otel-config: 0c5563c5e9a82132926709c072b925fd278450344419379d6d0738853d82e315 labels: app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm @@ -894,7 +894,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1034,7 +1034,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 
@@ -1118,7 +1118,7 @@ spec: value: "60" - name: DD_LOG_LEVEL value: INFO - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: otel-agent ports: @@ -1167,7 +1167,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1202,7 +1202,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1430,7 +1430,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1503,7 +1503,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: diff --git a/test/datadog/baseline/manifests/other_default.yaml b/test/datadog/baseline/manifests/other_default.yaml index 9c3f3d8f7..0186c12b2 100644 --- a/test/datadog/baseline/manifests/other_default.yaml +++ b/test/datadog/baseline/manifests/other_default.yaml @@ -818,7 +818,7 @@ spec: value: "true" - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET value: /var/lib/kubelet/pod-resources/kubelet.sock - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -958,7 +958,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 15 
@@ -1007,7 +1007,7 @@ spec: command: - bash - -c - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume resources: {} @@ -1042,7 +1042,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - image: gcr.io/datadoghq/agent:7.63.2 + image: gcr.io/datadoghq/agent:7.63.3 imagePullPolicy: IfNotPresent name: init-config resources: {} @@ -1264,7 +1264,7 @@ spec: configMapKeyRef: key: install_type name: datadog-kpi-telemetry-configmap - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1337,7 +1337,7 @@ spec: command: - cp - -r - image: gcr.io/datadoghq/cluster-agent:7.63.2 + image: gcr.io/datadoghq/cluster-agent:7.63.3 imagePullPolicy: IfNotPresent name: init-volume volumeMounts: From b274b0b19cc99e74e85aaf2d50a2ef4be599b730 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Thu, 6 Mar 2025 09:54:26 -0500 Subject: [PATCH 40/45] fix otel baseline test (#1742) --- test/datadog/baseline/manifests/otel_enabled.yaml | 6 ++---- test/datadog/baseline_test.go | 1 + 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/test/datadog/baseline/manifests/otel_enabled.yaml b/test/datadog/baseline/manifests/otel_enabled.yaml index 8027a6cf4..1edc170c9 100644 --- a/test/datadog/baseline/manifests/otel_enabled.yaml +++ b/test/datadog/baseline/manifests/otel_enabled.yaml @@ -165,8 +165,7 @@ data: exporters: [datadog] kind: ConfigMap metadata: - annotations: - checksum/otel-config: 0c5563c5e9a82132926709c072b925fd278450344419379d6d0738853d82e315 + annotations: {} labels: app.kubernetes.io/instance: datadog app.kubernetes.io/managed-by: Helm 
@@ -790,8 +789,7 @@ spec: app: datadog template: metadata: - annotations: - checksum/otel-config: 946aa0996cb960514d901a597d35250d82c029a7453a05a6bc14e79e46cc6c1c + annotations: {} labels: admission.datadoghq.com/enabled: "false" app: datadog diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 751610bc0..05697b237 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -24,6 +24,7 @@ var FilterKeys = map[string]interface{}{ "checksum/autoconf-config": nil, "checksum/checksd-config": nil, "checksum/confd-config": nil, + "checksum/otel-config": nil, "checksum/api_key": nil, "checksum/application_key": nil, // ServiceAccount From 89f29bb29200bbf4b193b76baaaa14afaeeacf93 Mon Sep 17 00:00:00 2001 From: louis-cqrl <93274433+louis-cqrl@users.noreply.github.com> Date: Thu, 6 Mar 2025 17:50:21 +0100 Subject: [PATCH 41/45] Update tag version for fips image (#1741) Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 33f2d6b12..7297c16d5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.103.1 + +* Update `fips.image.tag` to `1.1.8` fixing CVEs + ## 3.103.0 * Upgrade default Agent version to `7.63.3`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e1974cebe..8026bbd0a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.103.0 +version: 3.103.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 927f60479..fc122c92b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.103.0](https://img.shields.io/badge/Version-3.103.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.103.1](https://img.shields.io/badge/Version-3.103.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -898,7 +898,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.7"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.8"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index bd9ffc550..ef45c1c53 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -1547,7 +1547,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.7 + tag: 1.1.8 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 4f0be9666212069cd55bf41574b3c0e2c80b1ea5 Mon Sep 17 00:00:00 2001 From: eugene kirillov <3404064+krlv@users.noreply.github.com> Date: Thu, 6 Mar 2025 12:56:48 -0800 Subject: [PATCH 42/45] OTAGENT-254 Add support for enhanced RBAC permissions for otel-agent (#1693) * OTAGENT-254 Add support for enhanced RBAC permissions for otel-agent * OTAGENT-254 Fix SerivceAccount name for OTel Agent ClusterRoleBinding --- charts/datadog/CHANGELOG.md | 5 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +- ...llector-with-rbac-custom-rules-values.yaml | 47 +++++++++++++++++++ ...agent-otel-collector-with-rbac-values.yaml | 41 ++++++++++++++++ charts/datadog/templates/_helpers.tpl | 16 +++++++ charts/datadog/templates/otel-agent-rbac.yaml | 40 ++++++++++++++++ charts/datadog/values.yaml | 11 +++++ 8 files changed, 164 insertions(+), 2 deletions(-) create mode 100644 charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml create mode 100644 charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml create mode 100644 charts/datadog/templates/otel-agent-rbac.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7297c16d5..7f5a34a14 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.104.0 + +* Add `datadog.otelCollector.rbac.create` to control creation additional ClusterRole for `otel-agent` required by Kubernetes Attributes processor. +* Add `datadog.otelCollector.rbac.rules` to support additional RBAC permissions required by OTel components that are not included by default with `otel-agent`. + ## 3.103.1 * Update `fips.image.tag` to `1.1.8` fixing CVEs 
diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8026bbd0a..aef151caa 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.103.1 +version: 3.104.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index fc122c92b..5ac986050 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.103.1](https://img.shields.io/badge/Version-3.103.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.104.0](https://img.shields.io/badge/Version-3.104.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -810,6 +810,8 @@ helm install \ | datadog.otelCollector.config | string | `nil` | OTel collector configuration | | datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | | datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | +| datadog.otelCollector.rbac.create | bool | `true` | If true, check OTel Collector config for k8sattributes processor and create required ClusterRole to access Kubernetes API | +| datadog.otelCollector.rbac.rules | list | `[]` | A set of additional RBAC rules to apply to OTel Collector's ClusterRole | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | diff --git a/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml b/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml new file mode 100644 index 000000000..c89789c1b --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml 
@@ -0,0 +1,47 @@
+targetSystem: "linux"
+agents:
+ image:
+ repository: datadog/agent-dev
+ tag: nightly-ot-beta-main
+ doNotCheckTag: true
+ containers:
+ agent:
+ env:
+ - name: DD_HOSTNAME
+ value: "datadog"
+datadog:
+ apiKey: "00000000000000000000000000000000"
+ appKey: "0000000000000000000000000000000000000000"
+ otelCollector:
+ enabled: true
+ rbac:
+ create: true
+ rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "watch", "list"]
+ config: |
+ processors:
+ k8sattributes/passthrough:
+ passthrough: true
+ k8sattributes:
+ receivers:
+ otlp:
+ exporters:
+ datadog:
+ api:
+ key: "00000000000000000000000000000000"
+ service:
+ pipelines:
+ traces:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
+ metrics:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
+ logs:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
diff --git a/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml b/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml
new file mode 100644
index 000000000..d5596eb02
--- /dev/null
+++ b/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml
@@ -0,0 +1,41 @@
+targetSystem: "linux"
+agents:
+ image:
+ repository: datadog/agent-dev
+ tag: nightly-ot-beta-main
+ doNotCheckTag: true
+ containers:
+ agent:
+ env:
+ - name: DD_HOSTNAME
+ value: "datadog"
+datadog:
+ apiKey: "00000000000000000000000000000000"
+ appKey: "0000000000000000000000000000000000000000"
+ otelCollector:
+ enabled: true
+ config: |
+ processors:
+ k8sattributes:
+ k8sattributes/passthrough:
+ passthrough: true
+ receivers:
+ otlp:
+ exporters:
+ datadog:
+ api:
+ key: "00000000000000000000000000000000"
+ service:
+ pipelines:
+ traces:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
+ metrics:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
+ logs:
+ receivers: [otlp]
+ processors: [k8sattributes]
+ exporters: [datadog]
diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index db31eb837..da8754222 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -155,6 +155,22 @@ false {{- end -}} {{- end -}} +{{/* +Return true if k8sattributes RBAC rules should be added to the OTel Agent ClusterRole +*/}} +{{- define "should-add-otel-agent-k8sattributes-rules" -}} +{{- $return := false }} +{{- $config := .Values.datadog.otelCollector.config | default "" | fromYaml }} +{{- range $key, $val := $config.processors }} + {{- if hasPrefix "k8sattributes" $key }} + {{- if or (empty $val) (empty $val.passthrough) }} + {{- $return = true }} + {{- end }} + {{- end }} +{{- end }} +{{- $return }} +{{- end -}} + {{/* Return secret name to be used based on provided values. */}} diff --git a/charts/datadog/templates/otel-agent-rbac.yaml b/charts/datadog/templates/otel-agent-rbac.yaml new file mode 100644 index 000000000..60862093d --- /dev/null +++ b/charts/datadog/templates/otel-agent-rbac.yaml 
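Review bot: The `hasPrefix "k8sattributes" $key` test in `should-add-otel-agent-k8sattributes-rules` matches any processor key that merely starts with that string, and it walks every entry under `processors` whether or not a pipeline references it. Because a `true` result makes the chart create a cluster-wide role over pods, namespaces and replicasets, a processor that is defined but unused is enough to grant it. Matching the component type exactly would narrow the trigger: `{{- if or (eq $key "k8sattributes") (hasPrefix "k8sattributes/" $key) }}`. Separately, `fromYaml` does not fail the render on unparsable config (Helm returns a map holding an error entry), so `$config.processors` is empty and the helper quietly returns false. The helper's doc comment should state both behaviours.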
@@ -0,0 +1,40 @@
+{{- if and .Values.agents.rbac.create (eq (include "should-enable-otel-agent" .) "true") .Values.datadog.otelCollector.rbac.create -}}
+{{- if or (eq (include "should-add-otel-agent-k8sattributes-rules" .) "true") .Values.datadog.otelCollector.rbac.rules -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ template "datadog.fullname" . }}-otel-agent
+ labels:
+{{ include "datadog.labels" . | indent 4 }}
+rules:
+{{- if eq (include "should-add-otel-agent-k8sattributes-rules" .) "true" }}
+ - apiGroups: [""]
+ resources: ["pods", "namespaces"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["apps"]
+ resources: ["replicasets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["extensions"]
+ resources: ["replicasets"]
+ verbs: ["get", "list", "watch"]
+{{- end -}}
+{{- if .Values.datadog.otelCollector.rbac.rules -}}
+{{ toYaml .Values.datadog.otelCollector.rbac.rules | nindent 2 -}}
+{{- end }}
+---
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "datadog.fullname" . }}-otel-agent
+ labels:
+{{ include "datadog.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "datadog.fullname" . }}-otel-agent
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "agents.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml
index ef45c1c53..da2691747 100644
--- a/charts/datadog/values.yaml
+++ b/charts/datadog/values.yaml
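Review bot: The ClusterRoleBinding's subject is `agents.serviceAccountName`, the Agent's own service account rather than one dedicated to the OTel collector. Both the built-in k8sattributes rules and anything passed in `datadog.otelCollector.rbac.rules` are therefore granted cluster-wide to whatever runs under that account. `rbac.rules` is rendered through `toYaml` unchanged, so a broad entry such as wildcard verbs or resources lands in the ClusterRole exactly as written. I would say so at the top of the template, e.g. `{{/* Bound to the Agent service account: rules here apply cluster-wide to every container using it. */}}`, and repeat the caution on the `rbac.rules` comment in values.yaml. The `extensions` replicasets rule is probably droppable, since ReplicaSets stopped being served from that group in Kubernetes 1.16.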
@@ -604,6 +604,17 @@ datadog: # datadog.otelCollector.config -- OTel collector configuration config: null + ## Provide OTel Collector RBAC configuration + rbac: + # datadog.otelCollector.rbac.create -- If true, check OTel Collector config for k8sattributes processor + # and create required ClusterRole to access Kubernetes API + create: true + # datadog.otelCollector.rbac.rules -- A set of additional RBAC rules to apply to OTel Collector's ClusterRole + rules: [] + # - apiGroups: [""] + # resources: ["pods", "nodes"] + # verbs: ["get", "list", "watch"] + ## Continuous Profiler configuration ## ## Continuous Profiler is disabled by default and can be enabled by setting the `enabled` field to From d46b7f3c703db2e8ce477a6f640860880affad24 Mon Sep 17 00:00:00 2001 From: Guillaume Pagnoux Date: Fri, 7 Mar 2025 11:20:57 +0100 Subject: [PATCH 43/45] [DSCVR-75] Add config option for Service Discovery network stats collection (#1739) * [DSCVR-75] Add config option for Service Discovery network stats collection * add default value for networkStats option * only add mounts if SD is enabled * update chart version * update chart version --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_helpers.tpl | 2 +- charts/datadog/templates/system-probe-configmap.yaml | 2 ++ charts/datadog/values.yaml | 4 ++++ 6 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 7f5a34a14..2574fccc4 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.105.0 + +* Add `datadog.discovery.networkStats.enabled` configuration to control Service Discovery network stats collection. + ## 3.104.0 * Add `datadog.otelCollector.rbac.create` to control creation additional ClusterRole for `otel-agent` required by Kubernetes Attributes processor. 
diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index aef151caa..8b7c0a81a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.104.0 +version: 3.105.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5ac986050..c44914e7e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.104.0](https://img.shields.io/badge/Version-3.104.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.105.0](https://img.shields.io/badge/Version-3.105.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -736,6 +736,7 @@ helm install \ | datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | | datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | | datadog.discovery.enabled | bool | `nil` | Enable Service Discovery | +| datadog.discovery.networkStats.enabled | bool | `true` | Enable Service Discovery Network Stats | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index da8754222..2d2704430 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -796,7 +796,7 @@ Return the local service name Return true if runtime compilation is enabled in the system-probe */}} {{- define "runtime-compilation-enabled" -}} -{{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled -}} +{{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled (and .Values.datadog.discovery.enabled .Values.datadog.discovery.networkStats.enabled) -}} true {{- else -}} false diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 88471d801..3b3f4eb45 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml 
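Review bot: With `(and .Values.datadog.discovery.enabled .Values.datadog.discovery.networkStats.enabled)` added to `runtime-compilation-enabled` and `networkStats.enabled` defaulting to `true`, any release that already sets `datadog.discovery.enabled: true` gets runtime compilation switched on by the upgrade. What this helper gates is not visible here (the define ends outside the hunk), but if it controls extra host mounts for system-probe, that widens host access in a way the 3.105.0 changelog line does not mention. The helper comment should name the new trigger, e.g. `Return true if runtime compilation is enabled in the system-probe (TCP queue length, OOM kill, service monitoring, or Service Discovery network stats)`. The changelog entry should carry the same note.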
@@ -69,6 +69,8 @@ data: {{- if not (eq .Values.datadog.discovery.enabled nil) }} discovery: enabled: {{ $.Values.datadog.discovery.enabled }} + network_stats: + enabled: {{ $.Values.datadog.discovery.networkStats.enabled }} {{- end }} gpu_monitoring: enabled: {{ $.Values.datadog.gpuMonitoring.enabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index da2691747..eda1f1a64 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -870,6 +870,10 @@ datadog: # datadog.discovery.enabled -- (bool) Enable Service Discovery enabled: # false + # datadog.discovery.networkStats.enabled -- (bool) Enable Service Discovery Network Stats + networkStats: + enabled: true + gpuMonitoring: # datadog.gpuMonitoring.enabled -- Enable GPU monitoring enabled: false From 2dcfaf14d15bb9a4f927b63656a05392b664e8cf Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Fri, 7 Mar 2025 13:28:51 +0100 Subject: [PATCH 44/45] Upgrade PAR version to v0.1.14-beta (#1737) * Upgrade PAR version to v0.1.13-beta * Upgrade PAR version to v0.1.14-beta * regen doc * Fix readme version pointer * Fix readme version pointer --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 6b4197e30..6195a41f5 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.8 + +* Update private action image version to `v0.1.14-beta` + ## 0.15.7 * Update private action image version to `v0.1.12-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 59adb118a..6d33baa70 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.7 +version: 0.15.8 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 6f2b099a8..bc57e9f47 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.7](https://img.shields.io/badge/Version-0.15.7-informational?style=flat-square) ![AppVersion: v0.1.12-beta](https://img.shields.io/badge/AppVersion-v0.1.12--beta-informational?style=flat-square) +![Version: 0.15.8](https://img.shields.io/badge/Version-0.15.8-informational?style=flat-square) ![AppVersion: v0.1.14-beta](https://img.shields.io/badge/AppVersion-v0.1.14--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
@@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.12-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.14-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 879184dff..613d5f751 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.7](https://img.shields.io/badge/Version-0.15.7-informational?style=flat-square) ![AppVersion: v0.1.12-beta](https://img.shields.io/badge/AppVersion-v0.1.12--beta-informational?style=flat-square) +![Version: 0.15.8](https://img.shields.io/badge/Version-0.15.8-informational?style=flat-square) ![AppVersion: v0.1.14-beta](https://img.shields.io/badge/AppVersion-v0.1.14--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 2b99fc2e3..c7deecfa0 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.12-beta + tag: v0.1.14-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index bfb6afdca..dde465491 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.12-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.14-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 44a906533..7642a2e89 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.12-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.14-beta" imagePullPolicy: IfNotPresent ports: - name: http From 7ee6d21846ffd3618c1ee77813344cc043f14fdd Mon Sep 17 00:00:00 2001 
From: Mark Spicer Date: Fri, 7 Mar 2025 10:22:02 -0500 Subject: [PATCH 45/45] feat(ssi): add target based workload selection (#1745) * feat(ssi): add target based workload selection This commit adds support for targets that are available in Cluster Agent 7.64.0. * Add example * Add ci values --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- ...trumentation-admission-controller-values.yaml | 13 +++++++++++++ .../templates/cluster-agent-deployment.yaml | 4 ++++ charts/datadog/values.yaml | 16 ++++++++++++++++ 6 files changed, 40 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 2574fccc4..3da3aac32 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.106.0 + +* Target based workload selection for Single Step Instrumentation has been added in preview (requires Cluster Agent 7.64.0+) + ## 3.105.0 * Add `datadog.discovery.networkStats.enabled` configuration to control Service Discovery network stats collection. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8b7c0a81a..26f1d0255 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.105.0 +version: 3.106.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c44914e7e..b7c979c3c 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.105.0](https://img.shields.io/badge/Version-3.105.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.106.0](https://img.shields.io/badge/Version-3.106.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -703,6 +703,7 @@ helm install \ | datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (preview). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (preview). | | datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | +| datadog.apm.instrumentation.targets | list | `[]` | Enable target based workload selection (preview). Requires Cluster Agent 7.64.0+ | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | 
diff --git a/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml b/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml index e16325d78..63d36fa8b 100644 --- a/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml +++ b/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml @@ -8,3 +8,16 @@ clusterAgent: enabled: true admissionController: enabled: true + targets: + - name: "example" + podSelector: + matchLabels: + language: "python" + namespaceSelector: + matchNames: + - "applications" + ddTraceVersions: + python: "v2" + ddTraceConfigs: + - name: "DD_PROFILING_ENABLED" + value: "true" diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index de82b3615..7386d767b 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -281,6 +281,10 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.apm.instrumentation.targets }} + - name: DD_APM_INSTRUMENTATION_TARGETS + value: {{ .Values.datadog.apm.instrumentation.targets | toJson | quote }} + {{- end }} {{- if .Values.datadog.apm.instrumentation.injector.imageTag }} - name: DD_APM_INSTRUMENTATION_INJECTOR_IMAGE_TAG value: {{ .Values.datadog.apm.instrumentation.injector.imageTag | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index eda1f1a64..d889d1a39 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
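Review bot: `DD_APM_INSTRUMENTATION_TARGETS` in cluster-agent-deployment.yaml carries the whole `targets` list, `ddTraceConfigs` values included, as a plain `value:` on the Cluster Agent Deployment. Anything set there is readable by anyone who can read that Deployment. The values.yaml comment for `datadog.apm.instrumentation.targets` should say this, e.g. `# Rendered verbatim into the Cluster Agent env; do not put secrets in ddTraceConfigs values.` Nothing in the added block checks the stated Cluster Agent 7.64.0+ requirement, so on an older image the variable is presumably ignored and the intended workload selection silently does not apply. A one-line template comment noting that would help whoever has to debug it.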
@@ -530,6 +530,22 @@ datadog: # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (preview). libVersions: {} + # datadog.apm.instrumentation.targets -- Enable target based workload selection (preview). + # Requires Cluster Agent 7.64.0+ + targets: [] + # - name: "example" + # podSelector: + # matchLabels: + # language: "python" + # namespaceSelector: + # matchNames: + # - "applications" + # ddTraceVersions: + # python: "v2" + # ddTraceConfigs: + # - name: "DD_PROFILING_ENABLED" + # value: "true" + # datadog.apm.instrumentation.skipKPITelemetry -- Disable generating Configmap for APM Instrumentation KPIs skipKPITelemetry: false